Description
A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.
Exploits (1)
References (4)
Core References
Third Party Advisory, VDB Entry (exploit, x_refsource_exploit-db)
https://www.exploit-db.com/exploits/43388/
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid)
http://www.securityfocus.com/bid/102275
Vendor Advisory (x_refsource_confirm)
https://success.trendmicro.com/solution/1118992
Exploit, Third Party Advisory (x_refsource_misc)
https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities
Scores
CVSS v3
8.8
EPSS
0.0535
EPSS Percentile
90.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-285
CWE-534
Status
published
Products (1)
trendmicro/smart_protection_server
< 3.2
Published
Jan 19, 2018
Tracked Since
Feb 18, 2026