EUVD-2017-5602

Malware in sbrugna...

CVE-2017-14092

The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...

CVE-2017-14090

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted...

Cross site request forgery (csrf)

The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...

Design/Logic Flaw

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted...

CVE-2017-14091

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory...

CVE-2017-14092

The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...

CVE-2017-14093

Trend Micro ScanMail for Exchange 12.x (SMEX) contains a cross-site scripting vulnerability (CVE-2017-14093) in the Web-based Logs and Quarantine Query pages. The root cause is improper input handling on the logs/ Quarantine pages, allowing injected script via parameters such as optRemoteLog, txt...

CVE-2017-14090

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted...