Threat Advisories - NVD Disclosed March 18, 2020

CVE-2020-8599

Trend Micro Apex One and OfficeScan Arbitrary Data Write Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Trend Micro Apex One and OfficeScan servers have a flaw that could allow an unauthorized remote attacker to write data to any location. This bypasses login protections, posing a business risk of system compromise and data loss. <hr> This CVE affects Trend Micro Apex One and OfficeScan servers, allowing remote attackers

NVD published: March 18, 2020 • CISA KEV

CVE advisoryKnown Exploit

CVE-2020-8468

Trend Micro Agent Component Manipulation Vulnerability

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A content validation vulnerability affects Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents. Exploitation requires user authentication and can allow an attacker to manipulate agent components, posing a risk to data and system integrity.

NVD published: March 18, 2020 • CISA KEV

CVE advisoryKnown Exploit

CVE-2020-8467

Trend Micro Apex One and OfficeScan RCE Vulnerability

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A migration tool component in Trend Micro Apex One and OfficeScan has a flaw allowing authenticated remote attackers to execute arbitrary code. This could lead to unauthorized access and compromise of business systems and data.

NVD published: March 18, 2020 • CISA KEV