Skip to main content

CVE-2020-8468

HIGH
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2020-03-18 security@trendmicro.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 26, 2026 - 11:19 vuln.today
Added to CISA KEV
Oct 31, 2025 - 14:41 cisa
CISA KEV
Patch released
Oct 31, 2025 - 14:41 nvd
Patch available
CVE Published
Mar 18, 2020 - 01:15 nvd
HIGH 8.8

DescriptionCVE.org

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.

AnalysisAI

Trend Micro Apex One and OfficeScan agents are vulnerable to content validation bypass, allowing authenticated attackers to manipulate agent client components and inject malicious content.

Technical ContextAI

The CWE-74 injection flaw in Trend Micro's agent content validation allows an attacker to inject malicious content that bypasses the validation checks. This requires prior authentication but can compromise the agent's integrity.

Affected ProductsAI

Trend Micro Apex One (2019) Trend Micro OfficeScan XG Trend Micro Worry-Free Business Security 9.0/9.5/10.0

RemediationAI

Apply Trend Micro patches. Monitor for unauthorized changes to agent configurations. Implement additional integrity monitoring beyond the endpoint protection platform.

Share

CVE-2020-8468 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy