CVE-2020-15605
HIGH
Trend Micro Deep Security Manager - Authentication Bypass
If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability.
References (2)
Core References
Patch, Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000252039
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-20-1083/
Scores
CVSS v3
8.1
EPSS
0.0382
EPSS Percentile
88.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (4)
trendmicro/deep_security_manager
10.0
trendmicro/deep_security_manager
11.0
trendmicro/deep_security_manager
12.0
trendmicro/vulnerability_protection
2.0 sp2
Published
Aug 27, 2020
Tracked Since
Feb 18, 2026