If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability.
References
Link | Resource |
---|---|
https://success.trendmicro.com/solution/000252039 | Patch Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-20-1077/ | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: trendmicro
Published: 2020-08-27T20:35:18
Updated: 2020-08-27T20:35:18
Reserved: 2020-07-07T00:00:00
Link: CVE-2020-15601
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-08-27T21:15:12.227
Modified: 2020-09-03T15:06:17.360
Link: CVE-2020-15601
JSON object: View
Redhat Information
No data.
CWE