CVE-2015-3326
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack.
Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 anterior a Hot Fix Build 3318 y 11.0 anterior a Hot Fix Build 4180 crea identificadores de sesión para la consola web utilizando un generador de números aleatorios con valores previsibles, lo que facilita a atacantes remotos evadir la autenticación a través de un ataque de fuerza bruta.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-04-16 CVE Reserved
- 2015-05-14 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html | X_refsource_misc | |
| http://www.securityfocus.com/bid/74661 | Vdb Entry | |
| http://www.securitytracker.com/id/1032323 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://esupport.trendmicro.com/solution/en-US/1109669.aspx | 2017-01-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Trend Micro Search vendor "Trend Micro" | Scanmail Search vendor "Trend Micro" for product "Scanmail" | 10.2 Search vendor "Trend Micro" for product "Scanmail" and version "10.2" | microsoft_exchange |
Affected
| ||||||
| Trend Micro Search vendor "Trend Micro" | Scanmail Search vendor "Trend Micro" for product "Scanmail" | 11.0 Search vendor "Trend Micro" for product "Scanmail" and version "11.0" | microsoft_exchange |
Affected
| ||||||