CVE-2020-8599
published 2020-03-18CVE-2020-8599: Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary…
PriorityP190critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-05-03
Exploited in the wild
EPSS
11.58%
95.5th percentile
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trendmicro | apex_one | — | — |
| trendmicro | officescan | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →A vulnerable EXE file on the Trend Micro Apex One (2019) and OfficeScan XG server allows unauthenticated remote attackers to write arbitrary data to arbitrary paths and bypass ROOT login — monitor for unexpected file writes to sensitive server paths from unauthenticated sessions ↗
- →No authentication is required to exploit this vulnerability — alert on unauthenticated requests reaching Apex One or OfficeScan server management endpoints, especially those resulting in file write operations ↗
- ·Affected products are Trend Micro Apex One (2019) and OfficeScan XG server specifically; scope is limited to these server-side deployments ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck9.8CRITICAL
cisa9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-r3h3-2xcv-m95h: Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an ar
ghsa_unreviewed·2022-05-24
CVE-2020-8599 [HIGH] CWE-434 GHSA-r3h3-2xcv-m95h: Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an ar
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.
VulnCheck
Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability
vulncheck·2020·CVSS 9.8
CVE-2020-8599 [CRITICAL] Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability
Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability
Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login.
Affected: Trend Micro Apex One and OfficeScan
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-05-03
CISA
Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability
cisa·2021-11-03·CVSS 9.8
CVE-2020-8599 [CRITICAL] Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability
Vulnerability: Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability
Affected: Trend Micro Apex One and OfficeScan
Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-8599
Remediation Due Date: 2022-05-03
No detection rules found.
No public exploits indexed.
Tenable
CVE-2022-40139: Vulnerability in Trend Micro Apex One Exploited in the Wild
blogs_tenable·2022-09-14·CVSS 7.2
[HIGH] CVE-2022-40139: Vulnerability in Trend Micro Apex One Exploited in the Wild
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
#### Table of Contents
- Situation
- Directive Scope
- CISA Catalog of Known Exploited Vulnerabilities
- Detect CISA Vulnerabilities Using Qualys VMDR
- CISA Exploited RTI
- Detailed Operational Dashboard
- Remediation
- Federal Enterprises and Agencies Can Act Now
- Summary
- Getting Started
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Tenable
CVE-2020-8467, CVE-2020-8468: Vulnerabilities in Trend Micro Apex One and OfficeScan Exploited in the Wild
blogs_tenable·2020-03-17·CVSS 8.8
[HIGH] CVE-2020-8467, CVE-2020-8468: Vulnerabilities in Trend Micro Apex One and OfficeScan Exploited in the Wild
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Greynoiseio
NoiseLetter March 2026
blogs_greynoiseio
NoiseLetter March 2026
Events, events… and yes, even more events. 🌍 GreyNoise has been on the move. March kept us busy with stops at eCrimes in London and SecIT in Hanover—but we’re just getting started. Over the next few months, we’ll be hitting the road for CrowdStrike CrowdTours across eight cities, heading to Glasgow to speak and sponsor CyberUK, and making our way to Tampa for H-ISAC. If you’ll be at any of these (or nearby), we’d love to connect.
And while we’ve been racking up miles, we haven’t slowed down on the research front. We’ve just released some exciting new findings—with even more coming in the next few weeks—so keep an eye out.
Thanks, as always, for being part of the GreyNoise community.
Featured
About this new report
Every enterprise firewall processes traffic from residential IP space. T
2020-03-18
Published
2021-11-03
Added to CISA KEV
Exploited in the wild