Vulnerability Description
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Apex One | 2019 |
| Trendmicro | Officescan | xg |
| Trendmicro | Worry-Free Business Security | 9.0 |
References
- https://success.trendmicro.com/jp/solution/000244253PatchVendor Advisory
- https://success.trendmicro.com/jp/solution/000244836PatchVendor Advisory
- https://success.trendmicro.com/solution/000245571PatchVendor Advisory
- https://success.trendmicro.com/solution/000245572PatchVendor Advisory
- https://success.trendmicro.com/jp/solution/000244253PatchVendor Advisory
- https://success.trendmicro.com/jp/solution/000244836PatchVendor Advisory
- https://success.trendmicro.com/solution/000245571PatchVendor Advisory
- https://success.trendmicro.com/solution/000245572PatchVendor Advisory
FAQ
What is CVE-2020-8470?
CVE-2020-8470 is a vulnerability with a CVSS score of 7.5 (HIGH). Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server...
How severe is CVE-2020-8470?
CVE-2020-8470 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-8470?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Apex One, Trendmicro Officescan, Trendmicro Worry-Free Business Security.