CVE-2020-28577 – Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-28577
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names. Una vulnerabilidad de divulgación de información de control de acceso inapropiado en Trend Micro Apex One y OfficeScan XG SP1, podría permitir a un usuario no autenticado conectarse al servidor del producto y revelar el nombre de host del servidor y los nombres de la base de datos This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 4343 by default. The issue results from improper access control. An attacker can leverage this vulnerability to disclose information from the application. • https://success.trendmicro.com/solution/000281947 https://success.trendmicro.com/solution/000281949 https://www.zerodayinitiative.com/advisories/ZDI-20-1376 •
CVE-2020-28572
https://notcve.org/view.php?id=CVE-2020-28572
A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege. Una vulnerabilidad en Trend Micro Apex One, podría permitir a un usuario no privilegiado abusar el instalador del producto para reinstalar el agente con código malicioso adicional en el contexto de un privilegio superior • https://success.trendmicro.com/solution/000281949 •
CVE-2020-24565 – Trend Micro Apex One scanServer64 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-24565
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770. Una vulnerabilidad de divulgación de información de lectura fuera de límites en Trend Micro Apex One, puede permitir a un atacante local divulgar información confidencial a una cuenta poco privilegiada en instalaciones vulnerables del producto. Un atacante primero debe obtener la capacidad de ejecutar código poco privilegiado sobre el objetivo a fin de explotar estas vulnerabilidades.Los subs afectados por esta vulnerabilidad la hacen única en comparación con CVE similares, como CVE-2020-24564 y CVE-2020-25770 This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One. • https://success.trendmicro.com/solution/000271974 https://www.zerodayinitiative.com/advisories/ZDI-20-1220 • CWE-125: Out-of-bounds Read •
CVE-2020-25774 – Trend Micro OfficeScan ServerMigrationTool ZIP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-25774
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Una vulnerabilidad en el componente ServerMigrationTool de Trend Micro Apex One, podría permitir a un atacante desencadenar una divulgación de información roja fuera de límites que divulgaría información confidencial a una cuenta poco privilegiada. Es requerida una interacción del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una página maliciosa o abrir un archivo malicioso This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro OfficeScan ServerMigrationTool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. • https://success.trendmicro.com/solution/000271974 https://www.zerodayinitiative.com/advisories/ZDI-20-1225 • CWE-125: Out-of-bounds Read •
CVE-2020-25770 – Trend Micro Apex One scanServer64 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-25770
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771. Una vulnerabilidad de divulgación de información de lectura fuera de límites en Trend Micro Apex One, puede permitir a un atacante local divulgar información confidencial a una cuenta poco privilegiada en instalaciones vulnerables del producto. Un atacante primero debe obtener la capacidad de ejecutar código poco privilegiado sobre el objetivo a fin de explotar estas vulnerabilidades. • https://success.trendmicro.com/solution/000271974 https://www.zerodayinitiative.com/advisories/ZDI-20-1221 • CWE-125: Out-of-bounds Read •