CVE-2021-31520

Name of the Vulnerable Software and Affected Versions Trend Micro IM Security versions 1.6 through 1.6.5

Description A weak session token authentication bypass issue could allow a remote attacker to guess the session token of currently logged-in administrators, potentially gaining access to the product's web management interface.

Recommendations For versions 1.6 through 1.6.5, consider restricting access to the web management interface until a fix is available. As a temporary workaround, limit the ability for remote attackers to guess session tokens by implementing additional security measures, such as IP restrictions or rate limiting, on the web management interface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.