First published: Tue Dec 01 2020
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.
Credit: security@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trendmicro Apex One | =2019 | |
| Trendmicro Officescan | =xg-sp1 | |
The vulnerability ID for this vulnerability is CVE-2020-28583.
The title of this vulnerability is Trend Micro OfficeScan Improper Access Control Information Disclosure Vulnerability.
The severity of CVE-2020-28583 is medium with a CVSS score of 5.3.
CVE-2020-28583 allows remote attackers to disclose sensitive information on affected installations of Trend Micro OfficeScan by exploiting an improper access control vulnerability in the web console.
Authentication is not required to exploit CVE-2020-28583.
The software affected by CVE-2020-28583 includes Trend Micro OfficeScan, Trend Micro Apex One and Worry-Free Business Security (version 2019), and Trendmicro Officescan (version xg-sp1).
To fix CVE-2020-28583, it is recommended to apply the necessary updates or patches provided by Trend Micro.
You can find more information about CVE-2020-28583 in the following references: [Link 1](https://success.trendmicro.com/solution/000281947), [Link 2](https://success.trendmicro.com/solution/000281949), [Link 3](https://www.zerodayinitiative.com/advisories/ZDI-20-1387/).