Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-15605

If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability.

Published

2020-08-27T21:15:12.290

Last Modified

2024-11-21T05:05:50.803

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

4.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	trendmicro	deep_security_manager	10.0	Yes
Application	trendmicro	deep_security_manager	11.0	Yes
Application	trendmicro	deep_security_manager	12.0	Yes
Application	trendmicro	vulnerability_protection	2.0	Yes
Operating System	microsoft	windows	-	No

References

https://success.trendmicro.com/solution/000252039 Patch, Vendor Advisory ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-20-1083/ Third Party Advisory, VDB Entry ([email protected])
https://success.trendmicro.com/solution/000252039 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-20-1083/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)