CVE-2020-28577

CWE-200 — Information Exposure3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.4%

top 40.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Trend Micro Apex ONE Trend Micro Trend Micro Officescan Trendmicro Apex ONE +1 more

Timeline

PublishedDec 1

Latest updateMay 24

Description

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶NVDtrendmicro/apex_one2019

▶NVDtrendmicro/officescanxg

▶CVEListV5trend_micro/trend_micro_apex_one2019

▶CVEListV5trend_micro/trend_micro_officescanXG SP1

🔴Vulnerability Details

GHSA

GHSA-2cqx-cjpv-4c7m: An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to c↗2022-05-24

▶

CVEList

CVE-2020-28577: An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to c↗2020-12-01

▶