CVE-2020-8468

CVSS 8.8 HIGHEPSS 5.8%● KEVCWE-74

In short

A flaw in Trend Micro security software allows authenticated users to bypass content validation and manipulate agent components, potentially compromising the security tool itself.

Technical detail

CWE-74 content validation escape vulnerability in Trend Micro Apex One, OfficeScan XG, and Worry-Free Business Security agents permits authenticated attackers to manipulate client components through improper input validation. Exploitation requires valid user credentials and affects agent functionality.

Summary generated and translated by AI from the official description.

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Trend Micro · Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://success.trendmicro.com/jp/solution/000244253 https://success.trendmicro.com/jp/solution/000244836 https://success.trendmicro.com/solution/000245571 https://success.trendmicro.com/solution/000245572 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8468