PT-2020-20156 · Trend Micro · Trend Micro Worry-Free Business Security+2

Published

2020-03-18

Updated

2021-07-21

CVE-2020-8470

CVSS v2.0

9.4

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One version 2019 Trend Micro OfficeScan XG versions 9.0 through 10.0 Trend Micro Worry-Free Business Security versions 9.0 through 10.0

Description The server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this issue.

Recommendations For Trend Micro Apex One version 2019, update to a version that includes a fix for the vulnerable service DLL file. For Trend Micro OfficeScan XG versions 9.0 through 10.0, update to a version that includes a fix for the vulnerable service DLL file. For Trend Micro Worry-Free Business Security versions 9.0 through 10.0, update to a version that includes a fix for the vulnerable service DLL file.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-8470

Affected Products

Trend Micro Apex One

Trend Micro Officescan Xg

Trend Micro Worry-Free Business Security

PT-2020-20156 · Trend Micro · Trend Micro Worry-Free Business Security+2

CVE-2020-8470

Related Identifiers

Affected Products

References · 7