CVE-2017-11398

HIGH

Trend Micro Smart Protection Server <3.2 - SSRF

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-11398. PoCs published by CoreLabs.

AI-analyzed exploit summary The exploit demonstrates session hijacking via log file disclosure and remote command execution via cron job injection in Trend Micro Smart Protection Server. It leverages CVE-2017-11398 and CVE-2017-14094 to achieve unauthenticated RCE.

Description

A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.

Exploits (1)

exploitdb WORKING POC
by CoreLabs · remotemultiple
https://www.exploit-db.com/exploits/43388

The exploit demonstrates session hijacking via log file disclosure and remote command execution via cron job injection in Trend Micro Smart Protection Server. It leverages CVE-2017-11398 and CVE-2017-14094 to achieve unauthenticated RCE.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Trend Micro Smart Protection Server 3.2 (Build 1085)
No auth needed
Prerequisites: Network access to the target server · Trend Micro Smart Protection Server with vulnerable version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43388/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102275
Vendor Advisory x_refsource_confirm
https://success.trendmicro.com/solution/1118992

Scores

CVSS v3 8.8
EPSS 0.0835
EPSS Percentile 94.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-285 CWE-534
Status published
Products (1)
trendmicro/smart_protection_server < 3.2
Published Jan 19, 2018
Tracked Since Feb 18, 2026