First published: Wed Mar 18 2020(Updated: )
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
Credit: security@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trendmicro Apex One | =2019 | |
Trendmicro Officescan | =xg | |
Trendmicro Officescan | =xg-sp1 | |
Trendmicro Worry-free Business Security | =9.0-sp3 | |
Trendmicro Worry-free Business Security | =9.5 | |
Trendmicro Worry-free Business Security | =10.0 | |
Trendmicro Worry-free Business Security | =10.0-sp1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-8470 is a vulnerability in Trend Micro Apex One (2019), OfficeScan XG, and Worry-Free Business Security (9.0, 9.5, 10.0) server that allows an attacker to delete any file on the server with SYSTEM level privileges.
CVE-2020-8470 is considered critical with a severity score of 7.5.
Trend Micro Apex One (2019), OfficeScan XG, and Worry-Free Business Security versions 9.0, 9.5, and 10.0 are affected by CVE-2020-8470.
No, authentication is not required to exploit CVE-2020-8470.
To fix CVE-2020-8470, apply the necessary security patches provided by Trend Micro.