CVE-2020-8468

ENISA EUVD: EUVD-2020-29334 ↗
Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 3, 2026 1 article Published: 2020-03-18
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
19.09%
probability
This CVE has a 19.09% probability of being exploited in the next 30 days.
0% Top 95.4th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
8.8
HIGH
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

6.5
MEDIUM
Access Vector
Network
Access Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
AV:N/AC:L/Au:S/C:P/I:P/A:P

Description

VulnerabilityLookup (CNA)
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.

Affected Products

Trend Micro
Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)
OfficeScan XG (12.0), Apex One 2019 (14.0), WFBS 9.0, 9.5 and 10.0

Google Project Zero

Patched
March 16, 2020
Reported by
Trend Micro Research
Root Cause Analysis
???

Signal Intelligence

Confidence
78%
EPSS 19.09%
CVSS v3.1 8.8
Mentions 1
Last Seen Mar 18, 2020

CNA Information

CNA Assigner
trendmicro

Analyst Note

CVE-2020-8468 is confirmed as a legitimate vulnerability affecting multiple Trend Micro products with a HIGH CVSS score (8.8) and validation from CERT-EU advisory. The vulnerability requires user authentication and involves content validation escape in agent components, reducing exploitability but confirming the threat's authenticity.

Triage Info

Decided atMar 03, 2026
Published DateMar 18, 2020