Main Vulnerability Database Vulnerabilities #VU40793

Input validation error in ScanMail - CVE-2015-3326

Published: May 14, 2015 / Updated: August 9, 2020

Vulnerability identifier: #VU40793

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-3326

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Trend Micro

Affected software:
ScanMail

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack. <a href="https://cwe.mitre.org/data/definitions/330.html">CWE-330: Use of Insufficiently Random Values</a>

How to mitigate CVE-2015-3326

Install update from vendor's website.

Input validation error in ScanMail - CVE-2015-3326

Detailed vulnerability description

How to mitigate CVE-2015-3326

Sources

Please verify you're human