CVE-2022-25329 Vulnerability Details

  /     /     /  

CVE-2022-25329 Metadata Quick Info

CVE Published: 24/02/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: trendmicro | Vendor: Trend Micro | Product: Trend Micro ServerProtect for Storage
Status : PUBLISHED

---

CVE-2022-25329 Description

Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Static Credential
Source: Trend Micro

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).