This script is Copyright (C) 2017 Tenable Network Security, Inc.
A web application running on the remote host is affected by an
authentication bypass vulnerability.
The Trend Micro SafeSync for Enterprise (SSFE) application running on
the remote host is affected by an authentication bypass vulnerability.
An unauthenticated, remote attacker can exploit this, via a series of
HTTP PUT requests using specially crafted parameters, to disclose the
valid, unexpired session key of a logged in user from the
MgmtuiSession table, which can then be used to conduct further
Note that SSFE is reportedly affected by additional vulnerabilities;
however, Nessus has not tested for these.
See also :
Upgrade to SSFE version 3.2 SP1 (build 1531) or later.
Risk factor :
Medium / CVSS Base Score : 5.0
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now