CVE-2020-8468
Published 2020-03-18
CVE-2020-8468: Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability…
Priority P182 · high · 8.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
KEV: CISA Known Exploited Vulnerability, due 2022-05-03
ITW: Exploited in the wild
EPSS: 5.75% (92.1th percentile)
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trendmicro | apex_one | — | — |
| trendmicro | officescan | — | — |
| trendmicro | worry-free_business_security | — | — |
| trendmicro | worry-free_business_security | — | — |
| trendmicro | worry-free_business_security | — | — |
Detection & IOCs (extracted from sources)
- Vulnerability affects Trend Micro Apex One (2019), OfficeScan XG, and Worry-Free Business Security (9.0, 9.5, 10.0) agent components; monitor for unexpected manipulation or tampering of agent client components on endpoints running these products.
- Exploitation requires authenticated access; investigate authenticated sessions or accounts interacting with Trend Micro agent components for anomalous behavior.
- This CVE is listed in CISA KEV, indicating confirmed in-the-wild exploitation; prioritize detection and patching on internet-exposed or enterprise endpoints running affected Trend Micro agents.
- Affected product versions are specifically Apex One (2019), OfficeScan XG, and Worry-Free Business Security versions 9.0, 9.5, and 10.0; detections should be scoped to these versions only.
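CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vulncheck | — | 8.8 | HIGH | — |
| cisa | — | 8.8 | HIGH | — |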
GHSA
GHSA-963g-gc86-62cp: Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9
ghsa_unreviewed·2022-05-24
CVE-2020-8468 [MEDIUM] CWE-494 GHSA-963g-gc86-62cp: Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.
VulnCheck
Trend Micro Multiple Products Content Validation Escape Vulnerability
vulncheck·2020·CVSS 8.8
CVE-2020-8468 [HIGH] CWE-74 Trend Micro Multiple Products Content Validation Escape Vulnerability
Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components.
Affected: Trend Micro Apex One, OfficeScan and Worry-Free Business Security Agents
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://success.trendmicro.com/dcx/s/solution/000245571-SECURITY-BULLETIN-Multiple-Critical-Vulnerabilities-in-Trend-Micro-Apex-One-and-OfficeScan; https://assets.sentinelone.com/c/Shadowpad?x=P42eqA; https://therecord.media/hackers-tried-to-exploit-two-zero-days-in-trend
CISA
Trend Micro Multiple Products Content Validation Escape Vulnerability
cisa·2021-11-03·CVSS 8.8
CVE-2020-8468 [HIGH] CWE-74 Trend Micro Multiple Products Content Validation Escape Vulnerability
Vulnerability: Trend Micro Multiple Products Content Validation Escape Vulnerability
Affected: Trend Micro Apex One, OfficeScan and Worry-Free Business Security Agents
Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-8468
Remediation Due Date: 2022-05-03
No detection rules found.
No public exploits indexed.
Tenable
CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild
blogs_tenable·2025-08-06·CVSS 9.4
[CRITICAL] CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild
Tenable
CVE-2022-40139: Vulnerability in Trend Micro Apex One Exploited in the Wild
blogs_tenable·2022-09-14·CVSS 7.2
[HIGH] CVE-2022-40139: Vulnerability in Trend Micro Apex One Exploited in the Wild
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Tenable
CVE-2020-8467, CVE-2020-8468: Vulnerabilities in Trend Micro Apex One and OfficeScan Exploited in the Wild
blogs_tenable·2020-03-17·CVSS 8.8
[HIGH] CVE-2020-8467, CVE-2020-8468: Vulnerabilities in Trend Micro Apex One and OfficeScan Exploited in the Wild
Threat Intel
Tonto Team (Tonto Team, Earth Akhlut, BRONZE HUNTLEY)
threat_intel·CVSS 7.8
[HIGH] Tonto Team (Tonto Team, Earth Akhlut, BRONZE HUNTLEY)
# Threat Actor Profile: Tonto Team
ATT&CK ID: G0131
Also known as: Tonto Team, Earth Akhlut, BRONZE HUNTLEY, CactusPete, Karma Panda
Suspected origin: China
## Overview
Tonto Team is a suspected Chinese state-sponsored cyber espionage threat group that has primarily targeted South Korea, Japan, Taiwan, and the United States since at least 2009; by 2020 they expanded operations to include other Asian as well as Eastern European countries. Tonto Team has targeted government, military, energy, mining, financial, education, healthcare, and technology organizations, including through the Heartbeat Campaign (2009-2012) and Operation Bitter Biscuit (2017).(Citation: Kaspersky CactusPete Aug 2020)(Citation: ESET Exchange Mar 2021)(Citation: FireEye Chinese Espionage October 2019)(Citation: ARS Te
- https://success.trendmicro.com/jp/solution/000244253
- https://success.trendmicro.com/jp/solution/000244836
- https://success.trendmicro.com/solution/000245571
- https://success.trendmicro.com/solution/000245572
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8468
2020-03-18: Published
2021-11-03: Added to CISA KEV
Exploited in the wild