CVE-2015-3326

critical

Description

Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack.

References

http://www.securitytracker.com/id/1032323

http://www.securityfocus.com/bid/74661

http://esupport.trendmicro.com/solution/en-US/1109669.aspx

http://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html

Details

Source: Mitre, NVD

Published: 2015-05-14

Updated: 2017-01-03

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical