← back
CVE-2020-8467

CVE-2020-8467

CVSS 8.8 HIGHEPSS 10.8%● KEV
In short

A migration tool in Trend Micro Apex One (2019) and OfficeScan XG allows authenticated attackers to run arbitrary code on the system. This is dangerous because an authenticated user could take full control of the protected computer.

Technical detail

The migration tool component fails to properly validate or sanitize user-supplied input, enabling authenticated remote code execution (RCE). An attacker with valid credentials can exploit this to execute arbitrary commands with the privileges of the affected application, potentially leading to complete system compromise.

Summary generated and translated by AI from the official description.
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Trend Micro · Trend Micro OfficeScan, Trend Micro Apex One

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://success.trendmicro.com/jp/solution/000244253https://success.trendmicro.com/solution/000245571https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8467