CVE-2017-11398

Summary

A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.

Affected Software

VendorProductVersion RangeStatus
Trend MicroTrend Micro Smart Protection Server (Standalone)3.0, 3.1, 3.2affected

Weaknesses

  • CWE-285: OTHER - Information Exposure Through Log Files (CWE-285)

ADP Enrichment

CVE Program Container

Additional References

References