PT-2020-20230 · Trend Micro · Trend Micro Apex One+1

Published

2020-03-18

Updated

2025-10-31

CVE-2020-8599

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One versions 2019 Trend Micro OfficeScan XG server

Description The issue concerns a vulnerable EXE file in Trend Micro Apex One and OfficeScan XG server, allowing a remote attacker to write arbitrary data to any path on affected installations and bypass ROOT login without requiring authentication.

Recommendations For Trend Micro Apex One version 2019, update to a version that fixes the vulnerable EXE file. For Trend Micro OfficeScan XG server, restrict access to the vulnerable EXE file until a patch is available. As a temporary workaround, consider disabling the vulnerable EXE file to prevent exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-8599

Affected Products

Officescan Xg Server

Trend Micro Apex One

PT-2020-20230 · Trend Micro · Trend Micro Apex One+1

CVE-2020-8599

Related Identifiers

Affected Products

References · 8