|
[Japanese]
|
JVNDB-2022-001381
|
Multiple vulnerabilities in Trend Micro ServerProtect
|
|
Trend Micro Incorporated has released security updates for ServerProtect.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
|
|
CVSS V3 Severity:
Base Metrics 9.8 (Critical) [NVD Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity:
Base Metrics 7.5 (High) [NVD Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
|
Trend Micro, Inc.
- Trend Micro ServerProtect for Storage (SPFS) 6.0
- Trend Micro ServerProtect for Microsoft Windows / Novell NetWare (SPNT) 5.8
- Trend Micro ServerProtect for EMC Celerra (SPEMC) 5.8
- Trend Micro ServerProtect ServerProtect for Network Appliance Filers (SPNAF) 5.8
|
|
|
* Remote control execution due to insufficiently protected static credentials
* Denial-of-service (DoS) and/or remote code execution due to integer overflow
* Denial-of-service (DoS) due to improper exception handling
For more information, refer to the information provided by the developer.
|
|
[Apply the patch]
Apply the appropriate patch according to the information provided by the developer.
|
|
Trend Micro, Inc.
|
|
- Use of Hard-coded Credentials(CWE-798) [NVD Evaluation]
- Integer Overflow or Wraparound(CWE-190) [NVD Evaluation]
- No Mapping(CWE-Other) [NVD Evaluation]
|
|
- CVE-2022-25329
- CVE-2022-25330
- CVE-2022-25331
|
|
- JVN : JVNVU#92972528
- National Vulnerability Database (NVD) : CVE-2022-25329
- National Vulnerability Database (NVD) : CVE-2022-25330
- National Vulnerability Database (NVD) : CVE-2022-25331
|
|
- [2022/03/03]
Web page was published
- [2024/06/21]
CVSS Severity was modified
CWE was modified
References : Contents were added
|
