QwikSec

Security Database

CVE

CWE

Training

CVE-2017-11398

Published: Jan 19, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.

Vendor	Product	Versions
Trend Micro	Trend Micro Smart Protection Server (Standalone)	affected `3.0, 3.1, 3.2`

Weaknesses (CWE)

References

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_BID

https://success.trendmicro.com/solution/1118992

x_refsource_CONFIRM

https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.