Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS) by Trend Micro

    CVE-2020-8598 (GCVE-0-2020-8598)

    Vulnerability from nvd – Published: 2020-03-18 00:30 – Updated: 2024-08-04 10:03
    VLAI
    Summary
    Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Directory Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Trend Micro Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS) Affected: OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:03:45.801Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000245571"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/jp/solution/000244253"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000245572"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/jp/solution/000244836"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-18T00:30:44.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000245571"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/jp/solution/000244253"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000245572"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/jp/solution/000244836"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2020-8598",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000245571",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000245571"
                },
                {
                  "name": "https://success.trendmicro.com/jp/solution/000244253",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/jp/solution/000244253"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000245572",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000245572"
                },
                {
                  "name": "https://success.trendmicro.com/jp/solution/000244836",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/jp/solution/000244836"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2020-8598",
        "datePublished": "2020-03-18T00:30:44.000Z",
        "dateReserved": "2020-02-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:03:45.801Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8470 (GCVE-0-2020-8470)

    Vulnerability from nvd – Published: 2020-03-18 00:30 – Updated: 2024-08-04 10:03
    VLAI
    Summary
    Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Directory Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Trend Micro Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS) Affected: OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:03:44.846Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000245571"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/jp/solution/000244253"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000245572"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/jp/solution/000244836"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-18T00:30:43.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000245571"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/jp/solution/000244253"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000245572"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/jp/solution/000244836"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2020-8470",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000245571",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000245571"
                },
                {
                  "name": "https://success.trendmicro.com/jp/solution/000244253",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/jp/solution/000244253"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000245572",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000245572"
                },
                {
                  "name": "https://success.trendmicro.com/jp/solution/000244836",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/jp/solution/000244836"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2020-8470",
        "datePublished": "2020-03-18T00:30:44.000Z",
        "dateReserved": "2020-01-30T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:03:44.846Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8468 (GCVE-0-2020-8468)

    Vulnerability from nvd – Published: 2020-03-18 00:30 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Content Validation Escape
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Trend Micro Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS) Affected: OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:03:44.778Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000245571"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/jp/solution/000244253"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000245572"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/jp/solution/000244836"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-8468",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-06T19:43:09.794875Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8468"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-74",
                    "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:47.868Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8468"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2020-8468 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Content Validation Escape",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-18T00:30:43.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000245571"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/jp/solution/000244253"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000245572"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/jp/solution/000244836"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2020-8468",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Content Validation Escape"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000245571",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000245571"
                },
                {
                  "name": "https://success.trendmicro.com/jp/solution/000244253",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/jp/solution/000244253"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000245572",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000245572"
                },
                {
                  "name": "https://success.trendmicro.com/jp/solution/000244836",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/jp/solution/000244836"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2020-8468",
        "datePublished": "2020-03-18T00:30:43.000Z",
        "dateReserved": "2020-01-30T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:47.868Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8470 (GCVE-0-2020-8470)

    Vulnerability from cvelistv5 – Published: 2020-03-18 00:30 – Updated: 2024-08-04 10:03
    VLAI
    Summary
    Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Directory Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Trend Micro Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS) Affected: OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:03:44.846Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000245571"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/jp/solution/000244253"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000245572"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/jp/solution/000244836"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-18T00:30:43.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000245571"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/jp/solution/000244253"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000245572"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/jp/solution/000244836"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2020-8470",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000245571",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000245571"
                },
                {
                  "name": "https://success.trendmicro.com/jp/solution/000244253",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/jp/solution/000244253"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000245572",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000245572"
                },
                {
                  "name": "https://success.trendmicro.com/jp/solution/000244836",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/jp/solution/000244836"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2020-8470",
        "datePublished": "2020-03-18T00:30:44.000Z",
        "dateReserved": "2020-01-30T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:03:44.846Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8598 (GCVE-0-2020-8598)

    Vulnerability from cvelistv5 – Published: 2020-03-18 00:30 – Updated: 2024-08-04 10:03
    VLAI
    Summary
    Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Directory Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Trend Micro Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS) Affected: OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:03:45.801Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000245571"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/jp/solution/000244253"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000245572"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/jp/solution/000244836"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-18T00:30:44.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000245571"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/jp/solution/000244253"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000245572"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/jp/solution/000244836"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2020-8598",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000245571",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000245571"
                },
                {
                  "name": "https://success.trendmicro.com/jp/solution/000244253",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/jp/solution/000244253"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000245572",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000245572"
                },
                {
                  "name": "https://success.trendmicro.com/jp/solution/000244836",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/jp/solution/000244836"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2020-8598",
        "datePublished": "2020-03-18T00:30:44.000Z",
        "dateReserved": "2020-02-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:03:45.801Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8468 (GCVE-0-2020-8468)

    Vulnerability from cvelistv5 – Published: 2020-03-18 00:30 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Content Validation Escape
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Trend Micro Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS) Affected: OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:03:44.778Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000245571"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/jp/solution/000244253"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000245572"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/jp/solution/000244836"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-8468",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-06T19:43:09.794875Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8468"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-74",
                    "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:47.868Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8468"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2020-8468 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Content Validation Escape",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-18T00:30:43.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000245571"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/jp/solution/000244253"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000245572"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/jp/solution/000244836"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2020-8468",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Content Validation Escape"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000245571",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000245571"
                },
                {
                  "name": "https://success.trendmicro.com/jp/solution/000244253",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/jp/solution/000244253"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000245572",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000245572"
                },
                {
                  "name": "https://success.trendmicro.com/jp/solution/000244836",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/jp/solution/000244836"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2020-8468",
        "datePublished": "2020-03-18T00:30:43.000Z",
        "dateReserved": "2020-01-30T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:47.868Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }