Published: 19/01/2018 Updated: 09/10/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated malicious user to hijack active user sessions to perform authenticated requests on a vulnerable system.

Vulnerable Product	Search on Vulmon	Subscribe to Product
trendmicro smart protection server

# Trend Micro Smart Protection Server Multiple Vulnerabilities ## 1 Advisory Information **Title:**: Trend Micro Smart Protection Server Multiple Vulnerabilities **Advisory ID:** CORE-2017-0008 **Advisory URL:** wwwcoresecuritycom/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities **Date published:** 2017-12-19 ...

Trend Micro Smart Protection Server version 32 suffers from access control bypass, cross site scripting, information disclosure, and various other vulnerabilities ...

CWE-534 https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities https://success.trendmicro.com/solution/1118992 https://www.exploit-db.com/exploits/43388/http://www.securityfocus.com/bid/102275 https://nvd.nist.gov https://www.exploit-db.com/exploits/43388/

CVE-2017-11398

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect