CVE-2020-8468
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.
Analysis
Trend Micro Apex One and OfficeScan agents are vulnerable to content validation bypass, allowing authenticated attackers to manipulate agent client components and inject malicious content.
Technical Context
The CWE-74 injection flaw in Trend Micro's agent content validation allows an attacker to inject malicious content that bypasses the validation checks. This requires prior authentication but can compromise the agent's integrity.
Affected Products
Trend Micro Apex One (2019), Trend Micro OfficeScan XG, Trend Micro Worry-Free Business Security 9.0/9.5/10.0
Remediation
Apply Trend Micro patches. Monitor for unauthorized changes to agent configurations. Implement additional integrity monitoring beyond the endpoint protection platform.