First published: Tue Dec 01 2020(Updated: )
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.
Credit: security@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trendmicro Apex One | =2019 | |
Trendmicro Officescan | =xg-sp1 | |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-28573 is a vulnerability that allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One.
Remote attackers can exploit CVE-2020-28573 without authentication by using the specific flaw within the web console of Trend Micro Apex One.
CVE-2020-28573 has a severity of medium, with a severity value of 5.3.
Trend Micro Apex One installations from 2019 version and Trend Micro Trend Micro Apex One and Worry-Free Business Security installations are affected by CVE-2020-28573.
To fix CVE-2020-28573, it is recommended to apply the necessary security patch provided by Trend Micro.