CVE-2020-27013
Last modified
CVE-2020-27013 is a medium-severity vulnerability rated 4.4/10 on the CVSS scale. Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.. EPSS estimates a 0.44% chance of exploitation in the next 30 days.
Description
Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Antivirus | 2020 |
References
- https://helpcenter.trendmicro.com/en-us/article/TMKA-09950Vendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-20-1243/Third Party Advisory, VDB Entry
- https://helpcenter.trendmicro.com/en-us/article/TMKA-09950Vendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-20-1243/Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-27013?
How severe is CVE-2020-27013?
How do I fix CVE-2020-27013?
Are you affected by CVE-2020-27013?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST