Trend Micro Endpoint Encryption PolicyServer Authentication Bypass Vulnerability

Vulnerability

An authentication bypass vulnerability has been identified in Trend Micro Endpoint Encryption PolicyServer versions prior to 6.0.0.4013. This vulnerability allows attackers to access key methods as an admin user and modify product configurations on affected installations. The issue arises from an improper implementation of an authentication algorithm in the DbAppDomain service, enabling remote attackers to bypass authentication without requiring prior access or credentials.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling unauthorized access to admin-level methods and the ability to modify product configurations on the affected system.

Remediation

Trend Micro has released a patch for this vulnerability in Endpoint Encryption PolicyServer Version 6.0.0.4013. This update is now available for download.

Added: Jun 17, 2025, 9:33 PM
Updated: Jun 17, 2025, 9:33 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.