CVE-2012-2996
Trend Micro Interscan Messaging Security Suite - Persistent Cross-Site Scripting / Cross-Site Request Forgery
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication of administrators for requests that create admin accounts via a saveAuth action.
Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en saveAccountSubTab.imss en Trend Micro InterScan Messaging Security Suite v7.1-Build_Win32_1394, permite a atacantes remotos secuestrar la autenticación de administradores para peticiones que crean cuentas de administración a través de una acción saveAuth.
Trend Micro InterScan Messaging Security Suite suffers from stored cross site scripting and cross site request forgery vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-05-30 CVE Reserved
- 2012-09-14 First Exploit
- 2012-09-15 CVE Published
- 2024-08-06 CVE Updated
- 2024-10-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/50620 | Third Party Advisory | |
http://www.securitytracker.com/id?1027544 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/21319 | 2012-09-14 | |
http://www.kb.cert.org/vuls/id/471364 | 2024-08-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Trendmicro Search vendor "Trendmicro" | Interscan Messaging Security Suite Search vendor "Trendmicro" for product "Interscan Messaging Security Suite" | 7.1 Search vendor "Trendmicro" for product "Interscan Messaging Security Suite" and version "7.1" | - |
Affected
|