Back to KEVs

CVE-2020-8599

Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an...

Basic Information

CVE State: PUBLISHED
Reserved Date: February 04, 2020
Published Date: March 18, 2020
Last Updated: October 21, 2025
Vendor: Trend Micro
Product: Trend Micro OfficeScan, Trend Micro Apex One
Description: Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.
Tags

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2021-11-03 00:00:00 UTC) Source

References

https://success.trendmicro.com/solution/000245571 https://success.trendmicro.com/jp/solution/000244253

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-11-03 00:00:00 UTC
CISA	2021-11-03 00:00:00 UTC

Timeline

CVE ID Reserved

February 04, 2020
CVE Published to Public

March 18, 2020
Added to KEVIntel

November 03, 2021
Added to KEVIntel

November 03, 2021