Service DLL Vulnerability in Trend Micro Security Products
CVE-2020-8470

7.5HIGH

Key Information:

Vendor

Trend Micro
Status
Trend Micro Officescan, Trend Micro Apex One, Trend Micro Worry-free Business Security (wfbs)
Vendor
CVE Published:
18 March 2020

What is CVE-2020-8470?

A critical vulnerability in the server components of Trend Micro's Apex One, OfficeScan XG, and Worry-Free Business Security products allows an attacker to exploit a flawed service DLL file. This flaw enables attackers, with no authentication required, to delete any files on the server, posing a significant risk to data integrity and server operations. Organizations using these products must apply the necessary patches to mitigate potential threats.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS) OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0

References

https://success.trendmicro.com/solution/000245571
x_refsource_MISC
https://success.trendmicro.com/jp/solution/000244253
x_refsource_MISC
https://success.trendmicro.com/solution/000245572
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.