CVE-2018-3609
HIGHTrendmicro Interscan Messaging Securi... - Insufficiently Protected Credentials
Title source: ruleDescription
A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.
References (4)
Core 4
Core References
Exploit, Third Party Advisory x_refsource_misc
https://korelogic.com/Resources/Advisories/KL-001-2018-006.txt
Vendor Advisory x_refsource_confirm
https://success.trendmicro.com/solution/1119277
Vendor Advisory x_refsource_misc
https://success.trendmicro.com/jp/solution/1119290
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103097
Scores
CVSS v3
8.1
EPSS
0.1627
EPSS Percentile
94.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
CWE-532
Status
published
Products (2)
trendmicro/interscan_messaging_security_virtual_appliance
9.0
trendmicro/interscan_messaging_security_virtual_appliance
9.1
Published
Feb 16, 2018
Tracked Since
Feb 18, 2026