Vulnerability Description
A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Smart Protection Server | <= 3.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102275Third Party AdvisoryVDB Entry
- https://success.trendmicro.com/solution/1118992Vendor Advisory
- https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multExploitThird Party Advisory
- https://www.exploit-db.com/exploits/43388/Third Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/102275Third Party AdvisoryVDB Entry
- https://success.trendmicro.com/solution/1118992Vendor Advisory
- https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multExploitThird Party Advisory
- https://www.exploit-db.com/exploits/43388/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2017-11398?
CVE-2017-11398 is a vulnerability with a CVSS score of 8.8 (HIGH). A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions t...
How severe is CVE-2017-11398?
CVE-2017-11398 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-11398?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Smart Protection Server.