7.5
CVE-2020-15604
- EPSS 0.23%
- Published 24.09.2020 02:15:12
- Last modified 21.11.2024 05:05:50
- Source security@trendmicro.com
- Teams watchlist Login
- Open Login
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-494: Update files are not properly verified.
Data is provided by the National Vulnerability Database (NVD)
Trendmicro ≫ Antivirus+ 2019 Version <= 15.0
Trendmicro ≫ Internet Security 2019 Version <= 15.0
Trendmicro ≫ Maximum Security 2019 Version <= 15.0
Trendmicro ≫ Officescan Cloud Version15
Trendmicro ≫ Premium Security 2019 Version <= 15.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.431 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
CWE-494 Download of Code Without Integrity Check
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.