CVE Vulnerabilities

CVE-2020-15605

Improper Authentication

Published: Aug 27, 2020 | Modified: Sep 03, 2020
CVSS 3.x: 8.1 HIGH
Source: NVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 5.1 MEDIUM
AV:N/AC:H/Au:N/C:P/I:P/A:P

If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name                      Vendor      Start Version         End Version
Deep_security_manager     Trendmicro  10.0 (including)      10.0 (including)
Deep_security_manager     Trendmicro  11.0 (including)      11.0 (including)
Deep_security_manager     Trendmicro  12.0 (including)      12.0 (including)
Vulnerability_protection  Trendmicro  2.0-sp2 (including)   2.0-sp2 (including)
