CVE-2020-28574 — Path Traversal in Micro Worry-free Business Security

CWE-22 — Path Traversal3 documents3 sources

Severity

7.5HIGHNVD

EPSS

4.0%

top 11.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Worry-free Business Security Trendmicro Worry-free Business Security

Timeline

PublishedNov 18

Latest updateMay 24

Description

A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDtrendmicro/worry-free_business_security10.0

▶CVEListV5trend_micro/trend_micro_worry-free_business_security10.0 SP1

🔴Vulnerability Details

GHSA

GHSA-c4f6-mx8c-8v9m: A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauth↗2022-05-24

▶

CVEList

CVE-2020-28574: A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauth↗2020-11-18

▶