CVE-2020-24565 – Trend Micro Apex One scanServer64 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-24565
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770. Una vulnerabilidad de divulgación de información de lectura fuera de límites en Trend Micro Apex One, puede permitir a un atacante local divulgar información confidencial a una cuenta poco privilegiada en instalaciones vulnerables del producto. Un atacante primero debe obtener la capacidad de ejecutar código poco privilegiado sobre el objetivo a fin de explotar estas vulnerabilidades.Los subs afectados por esta vulnerabilidad la hacen única en comparación con CVE similares, como CVE-2020-24564 y CVE-2020-25770 This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One. • https://success.trendmicro.com/solution/000271974 https://www.zerodayinitiative.com/advisories/ZDI-20-1220 • CWE-125: Out-of-bounds Read •
CVE-2020-25774 – Trend Micro OfficeScan ServerMigrationTool ZIP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-25774
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Una vulnerabilidad en el componente ServerMigrationTool de Trend Micro Apex One, podría permitir a un atacante desencadenar una divulgación de información roja fuera de límites que divulgaría información confidencial a una cuenta poco privilegiada. Es requerida una interacción del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una página maliciosa o abrir un archivo malicioso This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro OfficeScan ServerMigrationTool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. • https://success.trendmicro.com/solution/000271974 https://www.zerodayinitiative.com/advisories/ZDI-20-1225 • CWE-125: Out-of-bounds Read •
CVE-2020-25770 – Trend Micro Apex One scanServer64 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-25770
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771. Una vulnerabilidad de divulgación de información de lectura fuera de límites en Trend Micro Apex One, puede permitir a un atacante local divulgar información confidencial a una cuenta poco privilegiada en instalaciones vulnerables del producto. Un atacante primero debe obtener la capacidad de ejecutar código poco privilegiado sobre el objetivo a fin de explotar estas vulnerabilidades. • https://success.trendmicro.com/solution/000271974 https://www.zerodayinitiative.com/advisories/ZDI-20-1221 • CWE-125: Out-of-bounds Read •
CVE-2020-24563 – Trend Micro Apex One Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-24563
A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability. Una vulnerabilidad en Trend Micro Apex One, puede permitir a un atacante local manipular el proceso de la opción de descarga del agente de seguridad (si está configurada), que luego podría ser manipulado para obtener una escalada de privilegios y una ejecución de código. Un atacante primero debe obtener la capacidad de ejecutar código poco privilegiado sobre el objetivo a fin de explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ApexOne Security Agent. • https://success.trendmicro.com/solution/000271974 https://www.zerodayinitiative.com/advisories/ZDI-20-1218 • CWE-287: Improper Authentication •
CVE-2020-24564 – Trend Micro Apex One Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-24564
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24565 and CVE-2020-25770. Una vulnerabilidad de divulgación de información de lectura fuera de límites en Trend Micro Apex One, puede permitir a un atacante local divulgar información confidencial a una cuenta poco privilegiada en instalaciones vulnerables del producto. Un atacante primero debe obtener la capacidad de ejecutar código poco privilegiado sobre el objetivo a fin de explotar estas vulnerabilidades. • https://success.trendmicro.com/solution/000271974 https://www.zerodayinitiative.com/advisories/ZDI-20-1219 • CWE-125: Out-of-bounds Read •