CVE-2020-28573

Description

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.

Affected products

• Trend Micro / Trend Micro Apex One2019 – 2019
• Trend Micro / Trend Micro OfficeScanXG SP1 – XG SP1

References

• MISChttps://success.trendmicro.com/solution/000281949
• MISChttps://success.trendmicro.com/solution/000281947
• VENDOR_ADVISORYhttps://www.zerodayinitiative.com/advisories/ZDI-20-1374/