← Back

CVE-2020-8598

nvd nist
Published: Mar 18, 2020Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.

Affected (7)

Trendmicro
3 products
Apex One
Officescan
Worry Free Business Security
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Apex One
Version 2019
Trendmicro
Officescan
Version xg
Officescan
Version xg sp1
Trendmicro
Worry Free Business Security
Version 10.0
Worry Free Business Security
Version 10.0 sp1
Worry Free Business Security
Version 9.0 sp3
Worry Free Business Security
Version 9.5

Related CWEs

CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (8)

Source: security@trendmicro.com
PatchVendor Advisory
Source: security@trendmicro.com
PatchVendor Advisory
Source: security@trendmicro.com
PatchVendor Advisory
Source: security@trendmicro.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.