CVE-2022-25329
N/A
N/A
Summary
Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Trend Micro | Trend Micro ServerProtect for Storage | 6.0 | affected |
| Trend Micro | Trend Micro ServerProtect for Microsoft Windows / Novell NetWare | 5.8 | affected |
| Trend Micro | Trend Micro ServerProtect for EMC Celerra | 5.8 | affected |
| Trend Micro | Trend Micro ServerProtect for Network Appliance Filers | 5.8 | affected |
Weaknesses
- Static Credential
ADP Enrichment
CVE Program Container
Additional References
- https://success.trendmicro.com/solution/000290507
- https://www.tenable.com/security/research/tra-2022-05
References
- https://success.trendmicro.com/solution/000290507
- https://www.tenable.com/security/research/tra-2022-05
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.