CVE-2020-24560
N/A
N/A
Summary
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-295: Improper server certificate verification in the communication with the update server.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Trend Micro | Trend Micro Security (Consumer) | 2019 (v15) | affected |
Weaknesses
- Improper Certification Validation
ADP Enrichment
CVE Program Container
Additional References
- https://helpcenter.trendmicro.com/en-us/article/TMKA-09890
- https://helpcenter.trendmicro.com/ja-jp/article/TMKA-09673
- https://jvn.jp/en/jp/JVN60093979/
- https://jvn.jp/jp/JVN60093979/
References
- https://helpcenter.trendmicro.com/en-us/article/TMKA-09890
- https://helpcenter.trendmicro.com/ja-jp/article/TMKA-09673
- https://jvn.jp/en/jp/JVN60093979/
- https://jvn.jp/jp/JVN60093979/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.