CVE-2017-11398

8.8HIGH

Key Information:

Vendor: Trend Micro
Status: Trend Micro Smart Protection Server (standalone)
Vendor: CVE Published:; 19 January 2018

Summary

A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.

Affected Version(s)

Trend Micro Smart Protection Server (Standalone) 3.0, 3.1, 3.2

References

https://www.exploit-db.com/exploits/43388/

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/102275

vdb-entryx_refsource_BID

https://success.trendmicro.com/solution/1118992

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 19, 2018
Vulnerability Reserved
Jul 17, 2017

.