Stored Cross Site Scripting Vulnerability in Trend Micro Smart Protection Server
CVE-2017-14096

6.1MEDIUM

Key Information:

Vendor

Trend Micro
Status
Trend Micro Smart Protection Server (standalone)
Vendor
CVE Published:
19 January 2018

What is CVE-2017-14096?

A stored cross site scripting (XSS) vulnerability exists in Trend Micro Smart Protection Server (Standalone) versions 3.2 and earlier. This vulnerability allows attackers to inject malicious scripts, which can be executed by users of the affected server. By exploiting this flaw, an attacker could potentially manipulate user sessions or compromise user data on the vulnerable systems. It is crucial for organizations using these versions to apply the necessary patches to mitigate the risk associated with this security threat.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Trend Micro Smart Protection Server (Standalone) 3.0, 3.1, 3.2

References

https://www.exploit-db.com/exploits/43388/
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/102275
vdb-entryx_refsource_BID
https://success.trendmicro.com/solution/1118992
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.