Trend Micro ServerProtect family vulnerable to authentication bypass


Trend Micro Incorporated has released security updates for ServerProtect family.

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
CVSS Severity (What is CVSS?)

Affected Products

Trend Micro, Inc.
  • Trend Micro ServerProtect for Microsoft Windows Novell Netware (SPNT) prior to 5.8 CP1575
  • Trend Micro ServerProtect for Network Appliance Filers (SPNAF) prior to 5.8 CP1299
  • Trend Micro ServerProtect for EMC Celerra (SPEMC) prior to 5.8 CP1577
  • Trend Micro ServerProtect for Storage (SPFS) prior to 6.0 CP1284


A remote attacker may bypass authentication for the products.
For more information, refer to the information provided by the developer.

[Apply the patch]
Apply the appropriate patch according to the information provided by the developer.
Vendor Information

Trend Micro, Inc.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2021-36745

  1. JVN : JVNVU#99520559
  2. National Vulnerability Database (NVD) : CVE-2021-36745
Revision History

  • [2021/10/01]
      Web page was published