CVE-2022-25329

Summary

Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions.

Affected Software

VendorProductVersion RangeStatus
Trend MicroTrend Micro ServerProtect for Storage6.0affected
Trend MicroTrend Micro ServerProtect for Microsoft Windows / Novell NetWare5.8affected
Trend MicroTrend Micro ServerProtect for EMC Celerra5.8affected
Trend MicroTrend Micro ServerProtect for Network Appliance Filers5.8affected

Weaknesses

  • Static Credential

ADP Enrichment

CVE Program Container

Additional References

References