PT-2012-4422 · Trend Micro · Interscan Messaging Security Suite
Tom Gregory
·
Publicado
2012-09-17
·
Atualizado
2013-04-13
·
CVE-2012-2996
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Trend Micro InterScan Messaging Security Suite version 7.1-Build Win32 1394
Description
A cross-site request forgery issue exists, allowing remote attackers to hijack administrator authentication for creating admin accounts via a saveAuth action in the saveAccountSubTab.imss module.
Recommendations
For Trend Micro InterScan Messaging Security Suite version 7.1-Build Win32 1394, consider disabling the saveAccountSubTab.imss module or restricting access to the saveAuth action until a patch is available.
Exploit
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Interscan Messaging Security Suite