Buffer overflow in Trend Micro ServerProtect for Linux
CVE-2020-28575
A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-pr…
Vulnerability class: Buffer Overflow
EPSS: 0.007 (47.1th percentile)
CVSS v3 metric
CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Trend Micro ServerProtect for Linux — version 3.0
- Trend Micro ServerProtect — version 3.0
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2020-28575?
  CVE-2020-28575 is a medium-severity vulnerability in Trend Micro ServerProtect for Linux, classified under Out-of-bounds Write. CVSS score: 6.7/10. Published 2020-12-01.
- How severe is CVE-2020-28575?
  Medium severity. CVSS v3 base score is 6.7 out of 10.