Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions.
References
Link | Resource |
---|---|
https://success.trendmicro.com/solution/000290507 | Patch Vendor Advisory |
https://www.tenable.com/security/research/tra-2022-05 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: trendmicro
Published: 2022-02-24T02:45:21
Updated: 2022-02-24T02:45:21
Reserved: 2022-02-18T00:00:00
Link: CVE-2022-25329
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-02-24T03:15:43.970
Modified: 2022-03-03T03:48:33.937
Link: CVE-2022-25329
JSON object: View
Redhat Information
No data.
CWE