All the vulnerabilites related to Trend Micro - Trend Micro ServerProtect for Microsoft Windows / Novell Netware
cve-2021-36745
Vulnerability from cvelistv5
Published
2021-09-29 10:21
Modified
2024-08-04 01:01
Severity ?
Summary
A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:01:59.288Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289038"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/jp/solution/000289030"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1115/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro ServerProtect for Storage",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        },
        {
          "product": "Trend Micro ServerProtect for EMC Celerra",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            }
          ]
        },
        {
          "product": "Trend Micro ServerProtect for Network Appliance Filers",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            }
          ]
        },
        {
          "product": "Trend Micro ServerProtect for Microsoft Windows / Novell Netware",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authentication Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-29T10:21:30",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289038"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/jp/solution/000289030"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1115/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-36745",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro ServerProtect for Storage",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro ServerProtect for EMC Celerra",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro ServerProtect for Network Appliance Filers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro ServerProtect for Microsoft Windows / Novell Netware",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Authentication Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000289038",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289038"
            },
            {
              "name": "https://success.trendmicro.com/jp/solution/000289030",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/jp/solution/000289030"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1115/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1115/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-36745",
    "datePublished": "2021-09-29T10:21:30",
    "dateReserved": "2021-07-14T00:00:00",
    "dateUpdated": "2024-08-04T01:01:59.288Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-25331
Vulnerability from cvelistv5
Published
2022-02-24 02:45
Modified
2024-08-03 04:36
Severity ?
Summary
Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:36:06.923Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000290507"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2022-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro ServerProtect for Storage",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        },
        {
          "product": "Trend Micro ServerProtect for Microsoft Windows / Novell NetWare",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            }
          ]
        },
        {
          "product": "Trend Micro ServerProtect for EMC Celerra",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            }
          ]
        },
        {
          "product": "Trend Micro ServerProtect for Network Appliance Filers",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Command DoS",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-24T02:45:24",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000290507"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/research/tra-2022-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2022-25331",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro ServerProtect for Storage",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro ServerProtect for Microsoft Windows / Novell NetWare",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro ServerProtect for EMC Celerra",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro ServerProtect for Network Appliance Filers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Command DoS"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000290507",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000290507"
            },
            {
              "name": "https://www.tenable.com/security/research/tra-2022-05",
              "refsource": "MISC",
              "url": "https://www.tenable.com/security/research/tra-2022-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2022-25331",
    "datePublished": "2022-02-24T02:45:24",
    "dateReserved": "2022-02-18T00:00:00",
    "dateUpdated": "2024-08-03T04:36:06.923Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-25330
Vulnerability from cvelistv5
Published
2022-02-24 02:45
Modified
2024-08-03 04:36
Severity ?
Summary
Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:36:06.908Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000290507"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2022-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro ServerProtect for Storage",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        },
        {
          "product": "Trend Micro ServerProtect for Microsoft Windows / Novell NetWare",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            }
          ]
        },
        {
          "product": "Trend Micro ServerProtect for EMC Celerra",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            }
          ]
        },
        {
          "product": "Trend Micro ServerProtect for Network Appliance Filers",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Command Integer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-24T02:45:22",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000290507"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/research/tra-2022-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2022-25330",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro ServerProtect for Storage",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro ServerProtect for Microsoft Windows / Novell NetWare",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro ServerProtect for EMC Celerra",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro ServerProtect for Network Appliance Filers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Command Integer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000290507",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000290507"
            },
            {
              "name": "https://www.tenable.com/security/research/tra-2022-05",
              "refsource": "MISC",
              "url": "https://www.tenable.com/security/research/tra-2022-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2022-25330",
    "datePublished": "2022-02-24T02:45:22",
    "dateReserved": "2022-02-18T00:00:00",
    "dateUpdated": "2024-08-03T04:36:06.908Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-25329
Vulnerability from cvelistv5
Published
2022-02-24 02:45
Modified
2024-08-03 04:36
Severity ?
Summary
Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:36:06.803Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000290507"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2022-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro ServerProtect for Storage",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        },
        {
          "product": "Trend Micro ServerProtect for Microsoft Windows / Novell NetWare",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            }
          ]
        },
        {
          "product": "Trend Micro ServerProtect for EMC Celerra",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            }
          ]
        },
        {
          "product": "Trend Micro ServerProtect for Network Appliance Filers",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Static Credential",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-24T02:45:21",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000290507"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/research/tra-2022-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2022-25329",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro ServerProtect for Storage",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro ServerProtect for Microsoft Windows / Novell NetWare",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro ServerProtect for EMC Celerra",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro ServerProtect for Network Appliance Filers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Static Credential"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000290507",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000290507"
            },
            {
              "name": "https://www.tenable.com/security/research/tra-2022-05",
              "refsource": "MISC",
              "url": "https://www.tenable.com/security/research/tra-2022-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2022-25329",
    "datePublished": "2022-02-24T02:45:21",
    "dateReserved": "2022-02-18T00:00:00",
    "dateUpdated": "2024-08-03T04:36:06.803Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}