{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T00:08:28.067","vulnerabilities":[{"cve":{"id":"CVE-2020-15601","sourceIdentifier":"security@trendmicro.com","published":"2020-08-27T21:15:12.227","lastModified":"2024-11-21T05:05:50.340","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability."},{"lang":"es","value":"Si la autenticación LDAP está habilitada, una vulnerabilidad de omisión de autenticación LDAP en Trend Micro Deep Security versiones 10.x-12.x, podría permitir a un atacante no autenticado con conocimiento previo de la organización objetivo omitir la autenticación del administrador. Habilitar la autenticación multifactorial impide este ataque. Las instalaciones que usan la autenticación nativa del administrador o la autenticación SAML no están afectadas por esta vulnerabilidad"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:P/A:P","baseScore":5.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":4.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:deep_security_manager:10.0:-:*:*:*:*:*:*","matchCriteriaId":"591F99B9-037F-49F2-90C9-C9327465ED3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:deep_security_manager:11.0:-:*:*:*:*:*:*","matchCriteriaId":"BFDDD30A-3F6D-4611-A7EC-D66BC481D59D"},{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:deep_security_manager:12.0:-:*:*:*:*:*:*","matchCriteriaId":"75D9AC7B-D110-417F-BC90-A70083D6935F"},{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:vulnerability_protection:2.0:sp2:*:*:*:*:*:*","matchCriteriaId":"E338E06A-643E-4655-BF0B-FB8A2C304458"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://success.trendmicro.com/solution/000252039","source":"security@trendmicro.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-1077/","source":"security@trendmicro.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://success.trendmicro.com/solution/000252039","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-1077/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}