CVE-2020-27013 — Micro Antivirus FOR MAC vulnerability

3 documents3 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 71.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Antivirus FOR MAC Trendmicro Antivirus

Timeline

PublishedOct 14

Latest updateMay 24

Description

Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 1.8 | Impact: 2.5

Affected Packages2 packages

▶NVDtrendmicro/antivirus2020

▶CVEListV5trend_micro/trend_micro_antivirus_for_mac2020 (v10.x)

🔴Vulnerability Details

GHSA

GHSA-9ff7-xv4q-f43g: Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API w↗2022-05-24

▶

CVEList

CVE-2020-27013: Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API w↗2020-10-14

▶