Vulnerabilities > CVE-2017-14097 - Unspecified vulnerability in Trendmicro Smart Protection Server

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
trendmicro
critical
exploit available

Summary

An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system.

Exploit-Db

descriptionTrend Micro Smart Protection Server - Session Hijacking / Log File Disclosure / Remote Command Execution / Cron Job Injection / Local File Inclusion / Stored...
fileexploits/multiple/remote/43388.md
idEDB-ID:43388
last seen2017-12-22
modified2017-12-19
platformmultiple
port
published2017-12-19
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/43388/
titleTrend Micro Smart Protection Server - Session Hijacking / Log File Disclosure / Remote Command Execution / Cron Job Injection / Local File Inclusion / Stored Cross-Site Scripting / Improper Access Control
typeremote

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/145518/CORE-2017-0008.txt
idPACKETSTORM:145518
last seen2017-12-22
published2017-12-22
reporterCore Security Technologies
sourcehttps://packetstormsecurity.com/files/145518/Trend-Micro-Smart-Protection-Server-3.2-XSS-Access-Control-Disclosure.html
titleTrend Micro Smart Protection Server 3.2 XSS / Access Control / Disclosure