{"api_version":"1","generated_at":"2026-04-23T04:20:49+00:00","cve":"CVE-2020-15604","urls":{"html":"https://cve.report/CVE-2020-15604","api":"https://cve.report/api/cve/CVE-2020-15604.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-15604","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-15604"},"summary":{"title":"CVE-2020-15604","description":"An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-494: Update files are not properly verified.","state":"PUBLIC","assigner":"security@trendmicro.com","published_at":"2020-09-24 02:15:00","updated_at":"2021-07-21 11:39:00"},"problem_types":["CWE-295","CWE-494"],"metrics":[],"references":[{"url":"https://jvn.jp/en/jp/JVN60093979/","name":"https://jvn.jp/en/jp/JVN60093979/","refsource":"MISC","tags":["Third Party Advisory"],"title":"JVN#60093979: Multiple vulnerabilities in Active Update function implemented in multiple Trend Micro products","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://helpcenter.trendmicro.com/ja-jp/article/TMKA-09673","name":"https://helpcenter.trendmicro.com/ja-jp/article/TMKA-09673","refsource":"MISC","tags":["Vendor Advisory"],"title":"アラート/アドバイザリ：ウイルスバスター クラウドの脆弱性について(CVE-2020-15604/CVE-2020-24560) · Trend Micro for Home","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://jvn.jp/jp/JVN60093979/","name":"https://jvn.jp/jp/JVN60093979/","refsource":"MISC","tags":["Third Party Advisory"],"title":"JVN#60093979: ウイルスバスター クラウド (Windows版) に実装された Active Update 機能における複数の脆弱性","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://helpcenter.trendmicro.com/en-us/article/TMKA-09890","name":"https://helpcenter.trendmicro.com/en-us/article/TMKA-09890","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security Bulletin:  Trend Micro Security 2019 (Consumer) Incomplete SSL Server Certification Validation Vulnerability · Trend Micro for Home","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-15604","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15604","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"15604","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"15604","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"15604","vulnerable":"1","versionEndIncluding":"15.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trendmicro","cpe5":"antivirus\\+_2019","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"15604","vulnerable":"1","versionEndIncluding":"15.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trendmicro","cpe5":"internet_security_2019","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"15604","vulnerable":"1","versionEndIncluding":"15.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trendmicro","cpe5":"maximum_security_2019","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"15604","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trendmicro","cpe5":"officescan_cloud","cpe6":"15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"15604","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trendmicro","cpe5":"officescan_cloud","cpe6":"15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"15604","vulnerable":"1","versionEndIncluding":"15.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trendmicro","cpe5":"premium_security_2019","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@trendmicro.com","ID":"CVE-2020-15604","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Trend Micro Security (Consumer)","version":{"version_data":[{"version_value":"2019 (v15)"}]}}]},"vendor_name":"Trend Micro"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-494: Update files are not properly verified."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Update files not properly verified"}]}]},"references":{"reference_data":[{"url":"https://helpcenter.trendmicro.com/en-us/article/TMKA-09890","refsource":"MISC","name":"https://helpcenter.trendmicro.com/en-us/article/TMKA-09890"},{"url":"https://helpcenter.trendmicro.com/ja-jp/article/TMKA-09673","refsource":"MISC","name":"https://helpcenter.trendmicro.com/ja-jp/article/TMKA-09673"},{"url":"https://jvn.jp/en/jp/JVN60093979/","refsource":"MISC","name":"https://jvn.jp/en/jp/JVN60093979/"},{"url":"https://jvn.jp/jp/JVN60093979/","refsource":"MISC","name":"https://jvn.jp/jp/JVN60093979/"}]}},"nvd":{"publishedDate":"2020-09-24 02:15:00","lastModifiedDate":"2021-07-21 11:39:00","problem_types":["CWE-295","CWE-494"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:trendmicro:antivirus\\+_2019:*:*:*:*:*:*:*:*","versionEndIncluding":"15.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:trendmicro:internet_security_2019:*:*:*:*:*:*:*:*","versionEndIncluding":"15.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:trendmicro:maximum_security_2019:*:*:*:*:*:*:*:*","versionEndIncluding":"15.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:trendmicro:officescan_cloud:15:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:trendmicro:premium_security_2019:*:*:*:*:*:*:*:*","versionEndIncluding":"15.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"15604","Ordinal":"177002","Title":"CVE-2020-15604","CVE":"CVE-2020-15604","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"15604","Ordinal":"1","NoteData":"An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-494: Update files are not properly verified.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"15604","Ordinal":"2","NoteData":"2020-09-23","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"15604","Ordinal":"3","NoteData":"2020-09-23","Type":"Other","Title":"Modified"}]}}}