CVE Vulnerabilities

CVE-2017-11398

DEPRECATED: Information Exposure Through Debug Log Files

Published: Jan 19, 2018 | Modified: Oct 09, 2019
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.

Weakness

This entry has been deprecated because its abstraction was too low-level. See CWE-532.

Affected Software

Name Vendor Start Version End Version
Smart_protection_server Trendmicro * 3.2

References