An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24565
Reference (s):
- https://success.trendmicro.com/solution/000271974
- URL: https://success.trendmicro.com/solution/000271974
- https://www.zerodayinitiative.com/advisories/ZDI-20-1220/
- URL: https://www.zerodayinitiative.com/advisories/ZDI-20-1220/