CVE-2020-28575

A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability.

Published: Dec 1, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-28575
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
trendmicro / serverprotect	3.0	3.0.x

https://success.trendmicro.com/solution/000281950
https://www.zerodayinitiative.com/advisories/ZDI-20-1378/

Vulnerability Database

289,697

CVE-2020-28575