CVE-2015-3326

Published: May 14, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack.

Affected (2)

Products: Trend Micro: Scanmail

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Trend Micro Scanmail	Version 10.2
Trend Micro Scanmail	Version 11.0

References (8)

http://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html

Source: cve@mitre.org

http://esupport.trendmicro.com/solution/en-US/1109669.aspx

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/74661

Source: cve@mitre.org

http://www.securitytracker.com/id/1032323

Source: cve@mitre.org

http://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://esupport.trendmicro.com/solution/en-US/1109669.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/74661

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1032323

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.