CVE-2020-15605

Name of the Vulnerable Software and Affected Versions: Trend Micro Vulnerability Protection version 2.0 SP2

Description: The issue is related to an authentication bypass vulnerability when LDAP authentication is enabled. This could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication can prevent this attack. It is also mentioned that the vulnerability is related to deficiencies in authentication, which can be exploited by a remote attacker to elevate privileges.

Recommendations: For Trend Micro Vulnerability Protection version 2.0 SP2, consider enabling multi-factor authentication to prevent the attack. As a temporary workaround, avoid using LDAP authentication until a patch is available. If possible, switch to manager native authentication or SAML authentication, as installations using these methods are not impacted by this vulnerability.