CVE-2020-15601
published 2020-08-27CVE-2020-15601: If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker…
PriorityP357high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
EPSS
2.76%
84.4th percentile
If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trend_micro | trend_micro_deep_security | — | — |
| trendmicro | deep_security_manager | — | — |
| trendmicro | deep_security_manager | — | — |
| trendmicro | deep_security_manager | — | — |
| trendmicro | vulnerability_protection | — | — |
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.05.1MEDIUMAV:N/AC:H/Au:N/C:P/I:P/A:P
vendor_oracle7.5
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rc4x-r6r8-fhg7: If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10
ghsa_unreviewed·2022-05-24
CVE-2020-15601 [MEDIUM] GHSA-rc4x-r6r8-fhg7: If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10
If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability.
Oracle
Oracle Oracle MySQL Risk Matrix: Server: Compiling (cURL) — CVE-2019-15601
vendor_oracle·2020-04-15·CVSS 7.5
CVE-2019-15601 Oracle Oracle MySQL Risk Matrix: Server: Compiling (cURL) — CVE-2019-15601
Oracle Oracle MySQL Risk Matrix: Server: Compiling (cURL) vulnerability
CVE: CVE-2019-15601
CVSS: 7.5
Protocol: MySQL Protocol
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2020 (APR 2020)
No detection rules found.
No public exploits indexed.
2020-08-27
Published