CVE-2020-8467: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability (CVE-2020-8467) which could allow remote attackers to execute arbitrary code on affected installations. The vulnerability was discovered and disclosed in March 2020, requiring user authentication for exploitation (CVE Mitre, NVD).

The vulnerability has been assigned a critical severity rating with a CVSS score of 9.1. It specifically affects a migration tool component in Trend Micro Apex One (2019) and OfficeScan XG, potentially allowing authenticated remote code execution (RCE) (Tenable Blog, Dark Reading).

If successfully exploited, the vulnerability allows authenticated attackers to execute arbitrary code on affected installations, potentially giving them significant control over the compromised systems (CVE Mitre).

Trend Micro has released security patches to address this vulnerability. For Apex One 2019, users should update to CP 2117, and for OfficeScan XG SP1, users should update to XG SP1 CP 5474. OfficeScan XG (non-SP) users should update to XG CP 1988 (Tenable Blog).

The vulnerability was treated as a zero-day threat and received immediate attention from the security community. Trend Micro promptly addressed the issue by releasing patches, demonstrating the severity of the vulnerability (Dark Reading).