← Back

CVE-2020-15605

nvd nist
Published: Aug 27, 2020Modified: Nov 21, 2024

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 / Impact: 5.9
Source: NVD

Description

If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability.

Affected (4)

Trendmicro
2 products
Deep Security Manager
Vulnerability Protection
Configuration A
4 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Trendmicro
Deep Security Manager
Version 10.0
Deep Security Manager
Version 11.0
Deep Security Manager
Version 12.0
Vulnerability Protection
Version 2.0 sp2
Running on/withPlatform Versions
Microsoft
Windows
All versions

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

Source: security@trendmicro.com
PatchVendor Advisory
Source: security@trendmicro.com
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.