CVE-2017-14092

Name of the Vulnerable Software and Affected Versions Trend Micro ScanMail for Exchange version 12.0

Description The issue is related to the absence of Anti-CSRF tokens in the web interface forms of the affected software. This could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.

Recommendations For Trend Micro ScanMail for Exchange version 12.0, consider implementing additional security measures to prevent CSRF attacks, such as validating the origin of requests or using a web application firewall to filter incoming traffic. As a temporary workaround, restrict access to the web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.