Lucene search

[email protected]CVE-2012-2996

HistorySep 17, 2012 - 2:55 p.m.

CVE-2012-2996

2012-09-1714:55:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2012-2996

csrf

vulnerability

trend micro

interscan messaging security suite

remote attackers

hijack authentication

admin accounts

saveauth action

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.5%

JSON

Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication of administrators for requests that create admin accounts via a saveAuth action.

Affected configurations

NVD

Node

trendmicrointerscan_messaging_security_suiteMatch7.1

CPENameOperatorVersion
trendmicro:interscan_messaging_security_suitetrendmicro interscan messaging security suiteeq7.1

CPE	Name	Operator	Version
trendmicro:interscan_messaging_security_suite	trendmicro interscan messaging security suite	eq	7.1

References

secunia.com/advisories/50620

www.kb.cert.org/vuls/id/471364

www.securitytracker.com/id?1027544

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.5%

JSON

Related for CVE-2012-2996

cvelist1 prion1 nvd1 packetstorm1 exploitpack1 cert1 exploitdb1