CVE-2020-8599
CRITICAL KEV
Trend Micro Apex One & OfficeScan XG - Path Traversal
Title source: llm
Exploitation Summary
CVE-2020-8599 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021.
Description
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.
References (3)
Core References
Broken Link, Patch, Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000245571
Broken Link, Patch, Vendor Advisory x_refsource_misc
https://success.trendmicro.com/jp/solution/000244253
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8599
Scores
CVSS v3: 9.8
EPSS: 0.5786
EPSS Percentile: 98.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: yes
Technical Impact: total
Details
CISA KEV: 2021-11-03
VulnCheck KEV: 2021-11-03
InTheWild.io: 2021-07-23
ENISA EUVD: EUVD-2020-29447
Status: published
Products (2)
trendmicro/apex_one: 2019
trendmicro/officescan: xg (2 CPE variants)
Published: Mar 18, 2020
KEV Added: Nov 03, 2021
Tracked Since: Feb 18, 2026