CVE-2020-15604

HIGH

Trendmicro Antivirus+ 2019 < 15.0 - Improper Certificate Validation

Title source: rule

Description

An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-494: Update files are not properly verified.

References (4)

[Vendor Advisory] https://helpcenter.trendmicro.com/en-us/article/TMKA-09890

[Vendor Advisory] https://helpcenter.trendmicro.com/ja-jp/article/TMKA-09673

[Third Party Advisory] https://jvn.jp/en/jp/JVN60093979/

[Third Party Advisory] https://jvn.jp/jp/JVN60093979/

Scores

CVSS v3 7.5

EPSS 0.0023

EPSS Percentile 46.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-295 CWE-494

Status published

Products (5)

trendmicro/antivirus\+_2019 < 15.0

trendmicro/internet_security_2019 < 15.0

trendmicro/maximum_security_2019 < 15.0

trendmicro/officescan_cloud 15

trendmicro/premium_security_2019 < 15.0

Published Sep 24, 2020

Tracked Since Feb 18, 2026