CVE-2022-25330

Published: Feb 24, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution.

Affected (5)

Products: Trendmicro: Serverprotect, Serverprotect For Network Appliance Filer, Serverprotect For Storage

3 products

Serverprotect For Network Appliance Filer

Serverprotect For Storage

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Serverprotect	Version 5.8
Trendmicro Serverprotect	Version 5.8
Trendmicro Serverprotect	Version 5.8
Trendmicro Serverprotect For Network Appliance Filer	Version 5.8

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Trendmicro Serverprotect For Storage	Version 6.0

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (4)

https://success.trendmicro.com/solution/000290507

Source: security@trendmicro.com

PatchVendor Advisory

https://www.tenable.com/security/research/tra-2022-05

Source: security@trendmicro.com

ExploitThird Party Advisory

https://success.trendmicro.com/solution/000290507

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.tenable.com/security/research/tra-2022-05

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.