CVE-2020-8470
https://notcve.org/view.php?id=CVE-2020-8470
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) servers contain a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. • https://success.trendmicro.com/jp/solution/000244253 https://success.trendmicro.com/jp/solution/000244836 https://success.trendmicro.com/solution/000245571 https://success.trendmicro.com/solution/000245572 •
CVE-2020-8468 – Trend Micro Multiple Products Content Validation Escape Vulnerability
https://notcve.org/view.php?id=CVE-2020-8468
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication. Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components. • https://success.trendmicro.com/jp/solution/000244253 https://success.trendmicro.com/jp/solution/000244836 https://success.trendmicro.com/solution/000245571 https://success.trendmicro.com/solution/000245572 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2020-8467 – Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-8467
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication. Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution. • https://success.trendmicro.com/jp/solution/000244253 https://success.trendmicro.com/solution/000245571 •
CVE-2020-8600 – Trend Micro Worry-Free Business Security Directory Traversal Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-8600
Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication. This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro Worry-Free Business Security. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the TempFileName parameter provided to the cgiRecvFile.exe endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://success.trendmicro.com/jp/solution/000244836 https://success.trendmicro.com/solution/000245572 https://www.zerodayinitiative.com/advisories/ZDI-20-307 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-8469
https://notcve.org/view.php?id=CVE-2020-8469
Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability which could potentially allow an attacker to escalate privileges. • http://seclists.org/fulldisclosure/2020/Jun/30 https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124168.aspx • CWE-427: Uncontrolled Search Path Element •