Critical Vulnerabilities in Trend Micro's Products
17 March 2020
Trend Micro has released critical patches to address multiple vulnerabilities in their Trend Micro Apex One, OfficeScan XG, and Worry-Free Business Security products. Active attacks on some of these vulnerabilities have been observed.
The vulnerabilities are tabulated by severity classification, which is derived from their CVSSv3 base scores:
Critical vulnerabilities
Severity | CVSSv3 base score |
---|---|
Critical | vulnerabilities with a base score of 9.0 to 10.0 |
High | vulnerabilities with a base score of 7.0 to 8.9 |
Medium | vulnerabilities with a base score of 4.0 to 6.9 |
Low | vulnerabilities with a base score of 0.1 to 3.9 |
None | vulnerabilities with a base score of 0.0 |
Vulnerabilities
CVE Number | Description | Base Score | Affected Product |
---|---|---|---|
CVE-2020-8467 | This vulnerability exists in a migration tool component which could allow a remote attacker to execute arbitrary code on affected installations. Trend Micro has observed at least one active attempt of potential exploitation of this vulnerability in the wild. | 9.1 | Trend Micro Apex One 2019, OfficeScan XG |
CVE-2020-8468 | This is a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. Trend Micro has observed at least one active attempt of potential exploitation of this vulnerability in the wild. | 8.0 | Trend Micro Apex One 2019, OfficeScan XG, OfficeScan XG SP1, Worry-Free Business Security Ver. 9.5, Worry-Free Business Security Ver. 10.0 |
CVE-2020-8470 | This vulnerability exists in a service DLL file which could allow an attacker to delete any file on the server with SYSTEM level privileges. | 10 | Trend Micro Apex One 2019, OfficeScan XG, OfficeScan XG SP1, Worry-Free Business Security Ver. 9.5, Worry-Free Business Security Ver. 10.0 |
CVE-2020-8598 | This vulnerability exists in a service DLL file which could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. | 10 | Trend Micro Apex One 2019, OfficeScan XG, OfficeScan XG SP1, Worry-Free Business Security Ver. 9.5, Worry-Free Business Security Ver. 10.0 |
CVE-2020-8599 | This vulnerability exists in an EXE file which could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. | 10 | Trend Micro Apex One 2019, OfficeScan XG, OfficeScan XG SP1 |
CVE-2020-8600 | This is a directory traversal vulnerability which could allow an attacker to manipulate a key file to bypass authentication. | 8.6 | Worry-Free Business Security Ver. 9.5 |
Users and system administrators are strongly advised to update to the latest builds as soon as possible.
More information is available here: