CVE Vulnerabilities

CVE-2020-15604

Improper Certificate Validation

Published: Sep 24, 2020 | Modified: Jul 21, 2021
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-494: Update files are not properly verified.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name Vendor Start Version End Version
Antivirus+_2019 Trendmicro * 15.0 (including)
Internet_security_2019 Trendmicro * 15.0 (including)
Maximum_security_2019 Trendmicro * 15.0 (including)
Officescan_cloud Trendmicro 15 (including) 15 (including)
Premium_security_2019 Trendmicro * 15.0 (including)

Potential Mitigations

References