Trend Micro ScanMail for Exchange 12.x < SP1 Patch 1 CP1755

The version of Trend Micro ScanMail for Exchange SMEX installed on the remote Windows host is affected by multiple vulnerabilities, including cross-site scripting XSS and weak anti cross-site request forgery CSRF. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid104354...

CVE-2015-3326

Trend Micro ScanMail for Microsoft Exchange SMEX 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force...

CVE-2015-3326

Trend Micro ScanMail for Microsoft Exchange (SMEX) versions affected: 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180. The vulnerability stems from generating session IDs for the web console with a predictable random number generator, enabling remote attackers to attempt brute‑f...

CVE-2003-1343

The vulnerability (CVE-2003-1343) affects Trend Micro ScanMail for Exchange (SMEX) prior to 3.81 and prior to 6.1, where a back door account may be installed in smg_Smxcfg30.exe. This enables remote attackers to access the web management interface via the vcc parameter (potentially using the valu...