← back
CVE-2017-11398

CVE-2017-11398

EPSS 8.3%CWE-285
A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.
Affected products
Trend Micro · Trend Micro Smart Protection Server (Standalone)
public PoCs found2
cve_referencewww.exploit-db.com/exploits/43388/unverifiedexploitdbwww.exploit-db.com/exploits/43388unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://success.trendmicro.com/solution/1118992https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilitieshttps://www.exploit-db.com/exploits/43388/http://www.securityfocus.com/bid/102275