CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-25331
https://notcve.org/view.php?id=CVE-2022-25331
Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process. Unas excepciones no capturadas que pueden generarse en Trend Micro ServerProtection Information Server versión 6.0/5.8, podrían permitir a un atacante remoto bloquear el proceso • https://success.trendmicro.com/solution/000290507 https://www.tenable.com/security/research/tra-2022-05 •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-25330
https://notcve.org/view.php?id=CVE-2022-25330
Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution. Unas condiciones de desbordamiento de enteros que se presentan en Trend Micro ServerProtect Information Server versión 6.0/5.8, podrían permitir a un atacante remoto bloquear el proceso o lograr una ejecución de código remota • https://success.trendmicro.com/solution/000290507 https://www.tenable.com/security/research/tra-2022-05 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-25329
https://notcve.org/view.php?id=CVE-2022-25329
Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions. Trend Micro ServerProtect Information Server versión 6.0/5.8, usa una credencial estática para llevar a cabo la autenticación cuando es escrito un comando específico en la consola. Un atacante remoto no autenticado con acceso al Information Server podría aprovechar esto para registrarse en el servidor y llevar a cabo acciones autenticadas • https://success.trendmicro.com/solution/000290507 https://www.tenable.com/security/research/tra-2022-05 • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2021-36745 – Trend Micro ServerProtect Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-36745
A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations. Una vulnerabilidad en Trend Micro ServerProtect for Storage versión 6.0, ServerProtect for EMC Celerra versión 5.8, ServerProtect for Network Appliance Filers versión 5.8 y ServerProtect for Microsoft Windows / Novell Netware versión 5.8 podría permitir a un atacante remoto omitir la autenticación en las instalaciones afectadas This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro ServerProtect. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ServerProtect console. The issue results from the lack of proper validation prior to authentication. An attacker can leverage this vulnerability to bypass authentication on the system. • https://success.trendmicro.com/jp/solution/000289030 https://success.trendmicro.com/solution/000289038 https://www.zerodayinitiative.com/advisories/ZDI-21-1115 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 5.5EPSS: 0%CPEs: 39EXPL: 0CVE-2021-25252
https://notcve.org/view.php?id=CVE-2021-25252
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. La API Virus Scan (VSAPI) y el Advanced Threat Scan Engine (ATSE) de Trend Micro, son susceptibles a una vulnerabilidad de agotamiento de la memoria que puede conllevar a una denegación de servicio o a un congelamiento del sistema si es explotada por un atacante usando un archivo especialmente diseñado • https://success.trendmicro.com/solution/000285675 • CWE-400: Uncontrolled Resource Consumption •