Lucene search

[email protected]NVD:CVE-2020-15604

HistorySep 24, 2020 - 2:15 a.m.

CVE-2020-15604

2020-09-2402:15:12

CWE-494

CWE-295

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.002 Low

EPSS

Percentile

53.0%

JSON

An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-494: Update files are not properly verified.

Affected configurations

NVD

Node

trendmicroantivirus\+_2019Range≤15.0

trendmicrointernet_security_2019Range≤15.0

trendmicromaximum_security_2019Range≤15.0

trendmicroofficescan_cloudMatch15

trendmicropremium_security_2019Range≤15.0

AND

microsoftwindowsMatch-

References

helpcenter.trendmicro.com/en-us/article/TMKA-09890

helpcenter.trendmicro.com/ja-jp/article/TMKA-09673

jvn.jp/en/jp/JVN60093979/

jvn.jp/jp/JVN60093979/

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.002 Low

EPSS

Percentile

53.0%

JSON

Related for NVD:CVE-2020-15604

cve1 cvelist1 prion1 jvn1