Trend Micro has released important updates that resolve a security vulnerability classified as critical. The gap, rated with a CVSS score of 9.8 out of a possible 10, is in FileProtect protection software for file servers and network attached storage (NAS) and could be exploited by a remote attacker to completely bypass the mechanisms. for authentication of the respective FileProtect installation. .
According to an Advisory zu CVE-2021-36745 der Zero Day Initiative, which reported the vulnerability to Trend Micro, the security vulnerability is in the ServerProtect management console. Entries made during authentication would not be properly validated. Although exploits of the vulnerability have not yet been observed in the wild, Trend Micro recommends an update as soon as possible.
Vulnerable versions and other information
According to Trend Micro, the following products and platforms can be attacked through CVE-2021-36745:
- ServerProtect for Storage (SPFS) for the Windows in Version 6.0
- ServerProtect for EMC Celerra (SPEMC) in Version 5.8
- ServerProtect for Network Appliance Filers (SPNAF, NetApp) in Version 5.8
- ServerProtect for Microsoft the Windows / Novell Netware (SPNT), Version 5.8
An overview of saved versions and download links is available. Check out the Trend Micros Security Bulletin.
Source of the article
Disclaimer: This article is generated from the feed and is not edited by our team.