Web Console Session ID Vulnerability in Trend Micro ScanMail for Microsoft Exchange
CVE-2015-3326

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Scanmail
Vendor: CVE Published:; 14 May 2015

Summary

The vulnerability arises from the generation of session IDs for the web console in Trend Micro ScanMail for Microsoft Exchange. This process utilizes a random number generator that produces predictable values, allowing remote attackers to leverage a brute force attack to bypass authentication mechanisms. Specifically, versions 10.2 prior to Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 are impacted, exposing users to potential unauthorized access.

References

http://esupport.trendmicro.com/solution/en-US/1109669.aspx

x_refsource_CONFIRM

http://blog.malerisch.net/2016/05/trendmicro-smex-session...

x_refsource_MISC

http://www.securityfocus.com/bid/74661

vdb-entryx_refsource_BID

Timeline

Vulnerability published
May 14, 2015
Vulnerability Reserved
Apr 16, 2015