CVE-2020-28576 — Sensitive Information Exposure in Micro Apex ONE

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.8%

top 25.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Apex ONE Trend Micro Officescan Trendmicro Apex ONE +1 more

Timeline

PublishedDec 1

Latest updateMay 24

Description

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶NVDtrendmicro/apex_one2019

▶NVDtrendmicro/officescanxg

▶CVEListV5trend_micro/trend_micro_apex_one2019

▶CVEListV5trend_micro/trend_micro_officescanXG SP1

🔴Vulnerability Details

GHSA

GHSA-7wh8-4j2m-2xff: An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to c↗2022-05-24

▶

CVEList

CVE-2020-28576: An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to c↗2020-12-01

▶