Search
Find a vulnerability
Search criteria
6 vulnerabilities found for Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS) by Trend Micro
CVE-2020-8598 (GCVE-0-2020-8598)
Vulnerability from nvd – Published: 2020-03-18 00:30 – Updated: 2024-08-04 10:03
VLAI
EPSS
VEX
Summary
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
Severity
No CVSS data available.
CWE
- Directory Traversal
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000245571 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000244253 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000245572 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000244836 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS) |
Affected:
OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:45.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000245571"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000244253"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000245572"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000244836"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-18T00:30:44.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000245571"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000244253"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000245572"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000244836"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-8598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
"version": {
"version_data": [
{
"version_value": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000245571",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000245571"
},
{
"name": "https://success.trendmicro.com/jp/solution/000244253",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000244253"
},
{
"name": "https://success.trendmicro.com/solution/000245572",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000245572"
},
{
"name": "https://success.trendmicro.com/jp/solution/000244836",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000244836"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-8598",
"datePublished": "2020-03-18T00:30:44.000Z",
"dateReserved": "2020-02-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:45.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8470 (GCVE-0-2020-8470)
Vulnerability from nvd – Published: 2020-03-18 00:30 – Updated: 2024-08-04 10:03
VLAI
EPSS
VEX
Summary
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
Severity
No CVSS data available.
CWE
- Directory Traversal
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000245571 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000244253 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000245572 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000244836 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS) |
Affected:
OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:44.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000245571"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000244253"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000245572"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000244836"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-18T00:30:43.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000245571"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000244253"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000245572"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000244836"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-8470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
"version": {
"version_data": [
{
"version_value": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000245571",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000245571"
},
{
"name": "https://success.trendmicro.com/jp/solution/000244253",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000244253"
},
{
"name": "https://success.trendmicro.com/solution/000245572",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000245572"
},
{
"name": "https://success.trendmicro.com/jp/solution/000244836",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000244836"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-8470",
"datePublished": "2020-03-18T00:30:44.000Z",
"dateReserved": "2020-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:44.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8468 (GCVE-0-2020-8468)
Vulnerability from nvd – Published: 2020-03-18 00:30 – Updated: 2025-10-21 23:35Summary
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.
Severity
8.8 (High)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Content Validation Escape
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000245571 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000244253 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000245572 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000244836 | x_refsource_MISC |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS) |
Affected:
OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:44.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000245571"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000244253"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000245572"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000244836"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-8468",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T19:43:09.794875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8468"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:47.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8468"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00.000Z",
"value": "CVE-2020-8468 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Content Validation Escape",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-18T00:30:43.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000245571"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000244253"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000245572"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000244836"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-8468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
"version": {
"version_data": [
{
"version_value": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Content Validation Escape"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000245571",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000245571"
},
{
"name": "https://success.trendmicro.com/jp/solution/000244253",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000244253"
},
{
"name": "https://success.trendmicro.com/solution/000245572",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000245572"
},
{
"name": "https://success.trendmicro.com/jp/solution/000244836",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000244836"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-8468",
"datePublished": "2020-03-18T00:30:43.000Z",
"dateReserved": "2020-01-30T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:47.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8470 (GCVE-0-2020-8470)
Vulnerability from cvelistv5 – Published: 2020-03-18 00:30 – Updated: 2024-08-04 10:03
VLAI
EPSS
VEX
Summary
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
Severity
No CVSS data available.
CWE
- Directory Traversal
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000245571 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000244253 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000245572 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000244836 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS) |
Affected:
OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:44.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000245571"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000244253"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000245572"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000244836"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-18T00:30:43.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000245571"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000244253"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000245572"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000244836"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-8470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
"version": {
"version_data": [
{
"version_value": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000245571",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000245571"
},
{
"name": "https://success.trendmicro.com/jp/solution/000244253",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000244253"
},
{
"name": "https://success.trendmicro.com/solution/000245572",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000245572"
},
{
"name": "https://success.trendmicro.com/jp/solution/000244836",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000244836"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-8470",
"datePublished": "2020-03-18T00:30:44.000Z",
"dateReserved": "2020-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:44.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8598 (GCVE-0-2020-8598)
Vulnerability from cvelistv5 – Published: 2020-03-18 00:30 – Updated: 2024-08-04 10:03
VLAI
EPSS
VEX
Summary
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
Severity
No CVSS data available.
CWE
- Directory Traversal
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000245571 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000244253 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000245572 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000244836 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS) |
Affected:
OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:45.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000245571"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000244253"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000245572"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000244836"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-18T00:30:44.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000245571"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000244253"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000245572"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000244836"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-8598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
"version": {
"version_data": [
{
"version_value": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000245571",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000245571"
},
{
"name": "https://success.trendmicro.com/jp/solution/000244253",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000244253"
},
{
"name": "https://success.trendmicro.com/solution/000245572",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000245572"
},
{
"name": "https://success.trendmicro.com/jp/solution/000244836",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000244836"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-8598",
"datePublished": "2020-03-18T00:30:44.000Z",
"dateReserved": "2020-02-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:45.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8468 (GCVE-0-2020-8468)
Vulnerability from cvelistv5 – Published: 2020-03-18 00:30 – Updated: 2025-10-21 23:35Summary
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.
Severity
8.8 (High)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Content Validation Escape
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000245571 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000244253 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000245572 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000244836 | x_refsource_MISC |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS) |
Affected:
OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:44.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000245571"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000244253"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000245572"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000244836"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-8468",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T19:43:09.794875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8468"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:47.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8468"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00.000Z",
"value": "CVE-2020-8468 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Content Validation Escape",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-18T00:30:43.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000245571"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000244253"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000245572"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000244836"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-8468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)",
"version": {
"version_data": [
{
"version_value": "OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Content Validation Escape"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000245571",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000245571"
},
{
"name": "https://success.trendmicro.com/jp/solution/000244253",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000244253"
},
{
"name": "https://success.trendmicro.com/solution/000245572",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000245572"
},
{
"name": "https://success.trendmicro.com/jp/solution/000244836",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000244836"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-8468",
"datePublished": "2020-03-18T00:30:43.000Z",
"dateReserved": "2020-01-30T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:47.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}