Authentication Bypass Vulnerability in Trend Micro ServerProtect Products
CVE-2021-36745

9.8CRITICAL

Key Information:

Vendor
Trend Micro
Status
Trend Micro Serverprotect For Storage
Trend Micro Serverprotect For Emc Celerra
Trend Micro Serverprotect For Network Appliance Filers
Trend Micro Serverprotect For Microsoft Windows / Novell Netware
Vendor
CVE Published:
29 September 2021

Summary

A vulnerability exists in multiple versions of Trend Micro ServerProtect products, enabling remote attackers to bypass authentication mechanisms on affected installations. This flaw could lead directly to unauthorized access, posing significant security risks to systems relying on these products. Proper security measures should be evaluated to mitigate potential exploitation.

Affected Version(s)

Trend Micro ServerProtect for EMC Celerra 5.8

Trend Micro ServerProtect for Microsoft Windows / Novell Netware 5.8

Trend Micro ServerProtect for Network Appliance Filers 5.8

References

https://success.trendmicro.com/solution/000289038
x_refsource_MISC
https://success.trendmicro.com/jp/solution/000289030
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-1115/
x_refsource_MISC

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.