Description
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
References (4)
Core 4
Core References
Patch, Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000245571
Patch, Vendor Advisory x_refsource_misc
https://success.trendmicro.com/jp/solution/000244253
Patch, Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000245572
Patch, Vendor Advisory x_refsource_misc
https://success.trendmicro.com/jp/solution/000244836
Scores
CVSS v3
7.5
EPSS
0.0112
EPSS Percentile
78.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
Status
published
Products (5)
trendmicro/apex_one
2019
trendmicro/officescan
xg (2 CPE variants)
trendmicro/worry-free_business_security
9.0 sp3
trendmicro/worry-free_business_security
9.5
trendmicro/worry-free_business_security
10.0 (2 CPE variants)
Published
Mar 18, 2020
Tracked Since
Feb 18, 2026