First published: Tue Dec 01 2020(Updated: )
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
Credit: security@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trendmicro Apex One | =2019 | |
Trendmicro Officescan | =xg-sp1 | |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-28577 is an improper access control information disclosure vulnerability in Trend Micro Apex One.
CVE-2020-28577 allows remote attackers to disclose sensitive information without authentication on affected installations of Trend Micro Apex One.
CVE-2020-28577 affects Trend Micro Apex One 2019 and Trend Micro Apex One and Worry-Free Business Security, as well as Trendmicro Officescan xg-sp1.
CVE-2020-28577 has a severity rating of medium with a CVSS score of 5.3.
To fix the CVE-2020-28577 vulnerability, it is recommended to apply the patches and updates provided by Trend Micro.