7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
52.2%
Active Update function implemented in Premium Security 2019 for Windows (v15), Maximum Security 2019 for Windows (v15), Internet Security 2019 for Windows (v15) and Antivirus+ 2019 for Windows (v15) provided by Trend Micro Incorporated contain multiple vulnerabilities listed below.
Update files are not properly verified (CWE-494) - CVE-2020-15604
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | Base Score: 5.9 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:C/A:N | Base Score: 5.4 |
Improper server certificate verification in the communication with the update server (CWE-295) - CVE-2020-24560
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | Base Score: 5.9 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:C/A:N | Base Score: 5.4 |
Note that CVSS analysis of CVE-2020-15604 and CVE-2020-24560 assumes a man-in-the-middle attack being conducted by an attacker that places a malicious wireless LAN access point.
By downloading a specially crafted file, arbitrary code may be executed with SYSTEM privilege.
Update the software
Apply the appropriate update according to the information provided by the developer.
According to the developer, these vulnerabilities have been resolved in all Titanium Versions at or above 2020 (v16) and 2021 (v17).
Note the developer states that the users who still use the obsolete versions that are no longer supported are recommended to upgrade to the latest supported versions.
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
52.2%