← Retour aux CVEs
CVE-2020-8599
CRITICALCISA KEV9.8
Description
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie3/18/2020
Derniere modification10/31/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurTrend Micro
ProduitApex One and OfficeScan
Nom vulnerabiliteTrend Micro Apex One and OfficeScan Authentication Bypass Vulnerability
Date ajout KEV2021-11-03
Date limite remediation2022-05-03
Utilise dans ransomwareUnknown
Produits affectes
trendmicro:apex_onetrendmicro:officescan
References
https://success.trendmicro.com/jp/solution/000244253(security@trendmicro.com)
https://success.trendmicro.com/solution/000245571(security@trendmicro.com)
https://success.trendmicro.com/jp/solution/000244253(af854a3a-2127-422b-91ae-364da2661108)
https://success.trendmicro.com/solution/000245571(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8599(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.