CVE-2022-25329
CRITICAL
Trend Micro ServerProtect 6.0/5.8 - Unauthenticated Use of Hard-coded Credentials
Title source: llm
Description
Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions.
References (2)
Core References
Patch, Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000290507
Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2022-05
Scores
CVSS v3
9.8
EPSS
0.0263
EPSS Percentile
85.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (3)
trendmicro/serverprotect
5.8 (3 CPE variants)
trendmicro/serverprotect_for_network_appliance_filer
5.8
trendmicro/serverprotect_for_storage
6.0
Published
Feb 24, 2022
Tracked Since
Feb 18, 2026