{"api_version":"1","generated_at":"2026-04-23T04:09:02+00:00","cve":"CVE-2020-28575","urls":{"html":"https://cve.report/CVE-2020-28575","api":"https://cve.report/api/cve/CVE-2020-28575.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-28575","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-28575"},"summary":{"title":"CVE-2020-28575","description":"A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability.","state":"PUBLIC","assigner":"security@trendmicro.com","published_at":"2020-12-01 19:15:00","updated_at":"2020-12-02 15:46:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://success.trendmicro.com/solution/000281950","name":"https://success.trendmicro.com/solution/000281950","refsource":"MISC","tags":["Vendor Advisory"],"title":"New KHM for heap-based buffer overflow privilege - ServerProtect for Linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-1378/","name":"https://www.zerodayinitiative.com/advisories/ZDI-20-1378/","refsource":"MISC","tags":["Third Party Advisory","VDB Entry"],"title":"ZDI-20-1378 | Zero Day Initiative","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-28575","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28575","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"28575","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trendmicro","cpe5":"serverprotect","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"linux","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"28575","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"trendmicro","cpe5":"serverprotect","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"linux","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@trendmicro.com","ID":"CVE-2020-28575","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Trend Micro ServerProtect for Linux","version":{"version_data":[{"version_value":"3.0"}]}}]},"vendor_name":"Trend Micro"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Heap-based Buffer Overflow Privilege Escalation"}]}]},"references":{"reference_data":[{"url":"https://success.trendmicro.com/solution/000281950","refsource":"MISC","name":"https://success.trendmicro.com/solution/000281950"},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-1378/","refsource":"MISC","name":"https://www.zerodayinitiative.com/advisories/ZDI-20-1378/"}]}},"nvd":{"publishedDate":"2020-12-01 19:15:00","lastModifiedDate":"2020-12-02 15:46:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:trendmicro:serverprotect:3.0:*:*:*:*:linux:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"28575","Ordinal":"191062","Title":"CVE-2020-28575","CVE":"CVE-2020-28575","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"28575","Ordinal":"1","NoteData":"A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"28575","Ordinal":"2","NoteData":"2020-12-01","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"28575","Ordinal":"3","NoteData":"2020-12-01","Type":"Other","Title":"Modified"}]}}}