← Back

CVE-2022-25329

nvd nist
Published: Feb 24, 2022Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions.

Affected (5)

Trendmicro
3 products
Serverprotect
Serverprotect For Network Appliance Filer
Serverprotect For Storage
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Trendmicro
Serverprotect
Version 5.8
Serverprotect
Version 5.8
Serverprotect
Version 5.8
Serverprotect For Network Appliance Filer
Version 5.8
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Serverprotect For Storage
Version 6.0
Running on/withPlatform Versions
Microsoft
Windows
All versions

Related CWEs

CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

Source: security@trendmicro.com
PatchVendor Advisory
Source: security@trendmicro.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.