CVE-2020-8468

Warnung

EPSS 5.03%
Veröffentlicht 18.03.2020 01:15:12
Zuletzt bearbeitet 13.02.2025 14:28:17
Quelle security@trendmicro.com
Teams Watchlist Login
Unerledigt Login

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Trendmicro ≫ Apex One Version2019

Trendmicro ≫ Officescan Versionxg

Trendmicro ≫ Officescan Versionxg Updatesp1

Trendmicro ≫ Worry-free Business Security Version9.0 Updatesp3

Trendmicro ≫ Worry-free Business Security Version9.5

Trendmicro ≫ Worry-free Business Security Version10.0 Update-

Trendmicro ≫ Worry-free Business Security Version10.0 Updatesp1

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Trend Micro Multiple Products Content Validation Escape Vulnerability

Schwachstelle

Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.03%	0.893

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

https://success.trendmicro.com/jp/solution/000244253

Patch

Vendor Advisory

https://success.trendmicro.com/solution/000245571

Patch

Vendor Advisory

https://success.trendmicro.com/jp/solution/000244836

Patch

Vendor Advisory

https://success.trendmicro.com/solution/000245572

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-8468

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8468

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8468

EUVD