nvd-json-data-feeds/CVE-2020/CVE-2020-285xx/CVE-2020-28582.json

{
  "id": "CVE-2020-28582",
  "sourceIdentifier": "security@trendmicro.com",
  "published": "2020-12-01T19:15:12.680",
  "lastModified": "2021-07-21T11:39:23.747",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de control de acceso inapropiado en Trend Micro Apex One y OfficeScan XG SP1, podr\u00eda permitir a un usuario no autenticado conectarse al servidor del producto y revelar la cantidad de agentes administrados"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF019D2D-C426-4D2D-A254-442CE777B41E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:trendmicro:officescan:xg:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "64600B42-4884-41F2-A683-AE1EDB79372E"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://success.trendmicro.com/solution/000281947",
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://success.trendmicro.com/solution/000281949",
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1386/",
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    }
  ]
}