Trend Micro ScanMail for Exchange 10.2 < Build 3318 / 11.x < Build 4180 Predictable Session IDs
Medium Nessus Plugin ID 84007
SynopsisThe remote Windows host has an email security application installed with weak session ID generation.
DescriptionThe version of Trend Micro ScanMail for Exchange (SMEX) installed on the remote Windows host is affected by a flaw in its bundled web-based user interface due to insufficient complexity in the generation of session IDs. A remote attacker, by more easily guessing the session ID, can use an authenticated user's session to gain access to the web interface.
SolutionApply 11.0 Hot Fix Build 4180 / 10.2 Hot Fix Build 3318.