CVE-2020-8468

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One version 2019 Trend Micro OfficeScan XG versions 9.0 through 10.0 Trend Micro Worry-Free Business Security versions 9.0 through 10.0

Description A content validation escape vulnerability exists in the affected products, which could allow an attacker to manipulate certain agent client components. This vulnerability can be exploited by a remote attacker, but it requires user authentication. The issue arises due to insufficient input validation.

Recommendations For Trend Micro Apex One version 2019, update to a version that includes the fix for this issue. For Trend Micro OfficeScan XG versions 9.0 through 10.0, update to a version that includes the fix for this issue. For Trend Micro Worry-Free Business Security versions 9.0 through 10.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the vulnerable agent client components until a patch is available.