PT-2020-1851 · Trend Micro · Trend Micro Apex One+1

Published

2020-03-16

Updated

2025-10-31

CVE-2020-8467

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One version 2019 Trend Micro OfficeScan XG

Description The vulnerability in the migration tool component of Trend Micro Apex One and OfficeScan could allow remote attackers to execute arbitrary code on affected installations. This is a remote code execution (RCE) issue. An attempted attack requires user authentication. The vulnerability is related to errors in code generation management.

Recommendations For Trend Micro Apex One version 2019, update to a version that includes the fix for this issue. For Trend Micro OfficeScan XG, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the migration tool component until a patch is available.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

BDU:2020-01127

CVE-2020-8467

Affected Products

Officescan Xg

Trend Micro Apex One

PT-2020-1851 · Trend Micro · Trend Micro Apex One+1

CVE-2020-8467

Weakness Enumeration

Related Identifiers

Affected Products

References · 12