CVSS: 10.0EPSS: 2%CPEs: 7EXPL: 0CVE-2020-8598
https://notcve.org/view.php?id=CVE-2020-8598
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. El servidor de Trend Micro Apex One (2019), OfficeScan XG y Worry-Free Business Security versiones (9.0, 9.5, 10.0), contienen un archivo DLL de servicio vulnerable que podría permitir a un atacante remoto ejecutar código arbitrario en instalaciones afectadas con privilegios de nivel SYSTEM. No es requerida una autenticación para explotar esta vulnerabilidad. • https://success.trendmicro.com/jp/solution/000244253 https://success.trendmicro.com/jp/solution/000244836 https://success.trendmicro.com/solution/000245571 https://success.trendmicro.com/solution/000245572 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.4EPSS: 0%CPEs: 7EXPL: 0CVE-2020-8470
https://notcve.org/view.php?id=CVE-2020-8470
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. El servidor de Trend Micro Apex One (2019), OfficeScan XG y Worry-Free Business Security versiones (9.0, 9.5, 10.0), contienen un archivo DLL de servicio vulnerable que podría permitir a un atacante eliminar cualquier archivo en el servidor con privilegios de nivel SYSTEM. No es requerida una autenticación para explotar esta vulnerabilidad. • https://success.trendmicro.com/jp/solution/000244253 https://success.trendmicro.com/jp/solution/000244836 https://success.trendmicro.com/solution/000245571 https://success.trendmicro.com/solution/000245572 •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-8468 – Trend Micro Multiple Products Content Validation Escape Vulnerability
https://notcve.org/view.php?id=CVE-2020-8468
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication. Los agentes de Trend Micro Apex One (2019), OfficeScan XG y Worry-Free Business Security versiones (9.0, 9.5, 10.0), están afectados por una vulnerabilidad de escape de comprobación de contenido que podría permitir a un atacante manipular determinados componentes del cliente del agente. Un intento de ataque requiere autenticación de usuario. Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components. • https://success.trendmicro.com/jp/solution/000244253 https://success.trendmicro.com/jp/solution/000244836 https://success.trendmicro.com/solution/000245571 https://success.trendmicro.com/solution/000245572 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 0CVE-2020-8467 – Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-8467
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication. Un componente de la herramienta de migración de Trend Micro Apex One (2019) y OfficeScan XG, contiene una vulnerabilidad que podría permitir a atacantes remotos ejecutar código arbitrario en las instalaciones afectadas (RCE). Un intento de ataque requiere autenticación de usuario. Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution. • https://success.trendmicro.com/jp/solution/000244253 https://success.trendmicro.com/solution/000245571 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19692
https://notcve.org/view.php?id=CVE-2019-19692
Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected. Trend Micro Apex One (2019) está afectado por una vulnerabilidad de tipo cross-site scripting (XSS) en la consola del producto. Tenga en cuenta que la versión japonesa del producto NO está afectada. • https://success.trendmicro.com/solution/000159569 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •