Vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance Management Portal
CVE-2018-3609

8.1HIGH

Key Information:

Vendor
Trend Micro
Status
Trend Micro Interscan Messaging Security Virtual Appliance
Vendor
CVE Published:
16 February 2018

Summary

A vulnerability in the management portal of Trend Micro InterScan Messaging Security Virtual Appliance versions 9.0 and 9.1 allows unauthenticated users to access sensitive information stored in specific log files. This exposure can potentially be exploited to bypass authentication mechanisms on affected installations, leading to unauthorized access and data breaches.

Affected Version(s)

Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1

References

https://korelogic.com/Resources/Advisories/KL-001-2018-00...
x_refsource_MISC
https://success.trendmicro.com/solution/1119277
x_refsource_CONFIRM
https://success.trendmicro.com/jp/solution/1119290
x_refsource_MISC

EPSS Score

26% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.