ID |
CVE-2017-11398
|
Summary |
A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*
-
cpe:2.3:a:trendmicro:smart_protection_server:3.1:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:smart_protection_server:3.1:*:*:*:*:*:*:*
-
cpe:2.3:a:trendmicro:smart_protection_server:3.2:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:smart_protection_server:3.2:*:*:*:*:*:*:*
|
CVSS |
Base: | 6.8 (as of 09-10-2019 - 23:22) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-534 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
d2sec
via4
|
|
refmap
via4
|
|
Last major update |
09-10-2019 - 23:22 |
Published |
19-01-2018 - 19:29 |
Last modified |
09-10-2019 - 23:22 |