CVE-2020-8599: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability (NVD, CISA).

The vulnerability (CVE-2020-8599) is rated as critical and affects Trend Micro Apex One (2019) and OfficeScan XG server installations. The vulnerability exists in a vulnerable EXE file that allows unauthorized data writing and ROOT login bypass. No authentication is required for exploitation, making this a particularly severe security issue (Threatpost).

The vulnerability allows an unauthenticated remote attacker to write arbitrary data to arbitrary paths on affected installations and bypass ROOT login authentication. This level of access could potentially lead to complete system compromise (Threatpost).

Trend Micro has released security updates to address this vulnerability. Organizations are strongly encouraged to apply the available patches as soon as possible. The vulnerability was added to CISA's Known Exploited Vulnerabilities Catalog, with a remediation due date of May 3, 2022 (CISA).