CVE-2020-8468
HIGHSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.
AnalysisAI
Trend Micro Apex One and OfficeScan agents are vulnerable to content validation bypass, allowing authenticated attackers to manipulate agent client components and inject malicious content.
Technical ContextAI
The CWE-74 injection flaw in Trend Micro's agent content validation allows an attacker to inject malicious content that bypasses the validation checks. This requires prior authentication but can compromise the agent's integrity.
Affected ProductsAI
Trend Micro Apex One (2019) Trend Micro OfficeScan XG Trend Micro Worry-Free Business Security 9.0/9.5/10.0
RemediationAI
Apply Trend Micro patches. Monitor for unauthorized changes to agent configurations. Implement additional integrity monitoring beyond the endpoint protection platform.
Share
External POC / Exploit Code
Leaving vuln.today