CVE-2020-8470 — Improper Input Validation in Apex ONE

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 21.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Apex ONE Trendmicro Officescan Trendmicro Worry-free Business Security

Timeline

PublishedMar 18

Latest updateMay 24

Description

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDtrendmicro/worry-free_business_security10.0, 9.0, 9.5+2

▶NVDtrendmicro/apex_one2019

▶NVDtrendmicro/officescanxg

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-93p7-r5v9-rj38: Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9↗2022-05-24

▶

CVEList

CVE-2020-8470: Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9↗2020-03-18

▶