Improper Authentication in Trend Micro products - CVE-2021-36745

 


Published: September 24, 2021


Vulnerability identifier: #VU56849
CSH Severity: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
CVE-ID: CVE-2021-36745
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
ServerProtect
ServerProtect for Storage (SPFS)
ServerProtect for EMC Celerra (SPEMC)
ServerProtect for Network Appliance Filers (SPNAF)
ServerProtect for Microsoft Windows / Novell Netware (SPNT)
Software vendor:
Trend Micro

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error in the authentication process. A remote unauthenticated attacker can bypass the authentication process and gain unauthorized access to the system.

Successful exploitation of the vulnerability may allow an attacker to gain complete control over the affected system.


Remediation

Install updates from the vendor's website.
