Описание
A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilitiesExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilitiesExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 3.2 (включая)
cpe:2.3:a:trendmicro:smart_protection_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.08976
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-285
CWE-534
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.
EPSS
Процентиль: 92%
0.08976
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-285
CWE-534