QwikSec

Security Database

CVE

CWE

Training

CVE-2015-3326

Published: May 14, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://esupport.trendmicro.com/solution/en-US/1109669.aspx

x_refsource_CONFIRM

http://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html

x_refsource_MISC

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.