CVE-2020-8599

Published: Mar 18, 2020Modified: Oct 31, 2025CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.

Affected (3)

Products: Trendmicro: Apex One, Officescan

2 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Apex One	Version 2019
Trendmicro Officescan	Version xg
Trendmicro Officescan	Version xg sp1

References (5)

https://success.trendmicro.com/jp/solution/000244253

Source: security@trendmicro.com

Broken LinkPatchVendor Advisory

https://success.trendmicro.com/solution/000245571

Source: security@trendmicro.com

Broken LinkPatchVendor Advisory

https://success.trendmicro.com/jp/solution/000244253

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkPatchVendor Advisory

https://success.trendmicro.com/solution/000245571

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkPatchVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8599

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.