www.iicybersecurity.com
45.79.104.24

URL: https://www.iicybersecurity.com/critical-authentication-bypass-vulnerability-in-trend-micro-serverprotect-allows-unauthorized-re...
Submission: On September 27 via api from US — Scanned from DE


CRITICAL AUTHENTICATION BYPASS VULNERABILITY IN TREND MICRO SERVERPROTECT ALLOWS
UNAUTHORIZED REMOTE USER TO BECOME ADMIN



Cybersecurity specialists have reported a critical vulnerability in
Trend Micro ServerProtect, one of the company’s most important security
solutions. According to the report, successful exploitation of this
vulnerability would allow malicious hackers to evade security controls on the
affected system.

Tracked as CVE-2021-36745, the flaw stems from an error in the ServerProtect
authentication process that an unauthenticated remote threat actor could
exploit to access the system without authorization.

This is a highly severe vulnerability that received a score of 8.5/10 on the
Common Vulnerability Scoring System (CVSS). Experts mention that successful
exploitation of the flaw would allow the total compromise of the affected
system.

The vulnerability affects the following products and versions of
ServerProtect:

 * ServerProtect v5.8, v6.0
 * ServerProtect for Storage (SPFS) v6.0
 * ServerProtect for EMC Celerra (SPEMC) v5.8
 * ServerProtect for Network Appliance Filers (SPNAF) v5.8
 * ServerProtect for Microsoft Windows / Novell Netware (SPNT) v5.8

While the vulnerability is considered critical and could be exploited by
unauthenticated remote attackers, cybersecurity experts have not detected
active exploitation attempts. Still, users of affected deployments are
encouraged to install the necessary updates as soon as possible.

To learn more about information security risks, malware variants,
vulnerabilities and information technologies, feel free to access the
International Institute of Cyber Security (IICS) websites.


© Copyright 2021 International Institute of Cyber Security