CVE-2020-28576

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://success.trendmicro.com/solution/000281947	Vendor Advisory
https://success.trendmicro.com/solution/000281949	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-1375/	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:trendmicro:apex_one:2019:::::::*
	cpe:2.3:a:trendmicro:officescan:xg:sp1::::::

History

No history.

Information

Published : 2020-12-01 19:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-28576

Mitre link : CVE-2020-28576

CVE.ORG link : CVE-2020-28576

JSON object : View

Products Affected

trendmicro

officescan
apex_one

CWE

NVD-CWE-noinfo

{"id": "CVE-2020-28576", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2020-12-01T19:15:12.007", "references": [{"url": "https://success.trendmicro.com/solution/000281947", "tags": ["Vendor Advisory"], "source": "security@trendmicro.com"}, {"url": "https://success.trendmicro.com/solution/000281949", "tags": ["Vendor Advisory"], "source": "security@trendmicro.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1375/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@trendmicro.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information."}, {"lang": "es", "value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de control de acceso inapropiado en Trend Micro Apex One y OfficeScan XG SP1, podr\u00eda permitir a un usuario no autenticado conectarse al servidor del producto y revelar informaci\u00f3n de versi\u00f3n y compilaci\u00f3n"}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF019D2D-C426-4D2D-A254-442CE777B41E"}, {"criteria": "cpe:2.3:a:trendmicro:officescan:xg:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64600B42-4884-41F2-A683-AE1EDB79372E"}], "operator": "OR"}]}], "sourceIdentifier": "security@trendmicro.com"}