CVE-2020-27015 — Information Exposure via Error Message in Micro Antivirus FOR MAC

CWE-209 — Information Exposure via Error Message3 documents3 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 70.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Antivirus FOR MAC Trendmicro Antivirus

Timeline

PublishedOct 30

Latest updateMay 24

Description

Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

▶NVDtrendmicro/antivirus2020

▶CVEListV5trend_micro/trend_micro_antivirus_for_mac2020 (v10.x) and below

🔴Vulnerability Details

GHSA

GHSA-3728-546x-w527: Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel poi↗2022-05-24

▶

CVEList

CVE-2020-27015: Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel poi↗2020-10-29

▶