CVE-2015-3326

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Scanmail
Vendor: CVE Published:; 14 May 2015

Summary

Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack.

References

http://esupport.trendmicro.com/solution/en-US/1109669.aspx

x_refsource_CONFIRM

http://blog.malerisch.net/2016/05/trendmicro-smex-session...

x_refsource_MISC

http://www.securityfocus.com/bid/74661

vdb-entryx_refsource_BID

Timeline

Vulnerability published
May 14, 2015
Vulnerability Reserved
Apr 16, 2015