PT-2017-13245 · Trend Micro · Trend Micro Scanmail For Exchange

Published

2017-12-15

·

Updated

2017-12-26

·

CVE-2017-14090

CVSS v3.1

9.1

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions Trend Micro ScanMail for Exchange version 12.0
Description A vulnerability exists in Trend Micro ScanMail for Exchange where some communications to the update servers are not encrypted.
Recommendations For version 12.0, ensure that all communications to the update servers are encrypted to mitigate the risk of exploitation.

Exploit

Fix

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-326

Related Identifiers

CVE-2017-14090

Affected Products

Trend Micro Scanmail For Exchange