
Test ID: 1.3.6.1.4.1.25623.1.0.900205
Category: Privilege escalation
Title: Trend Micro Web Management Authentication Bypass Vulnerability
Summary: This remote host has Trend Micro OfficeScan installed, which is prone to an authentication bypass vulnerability.
Description:
Summary:
This remote host has Trend Micro OfficeScan installed, which
is prone to an authentication bypass vulnerability.

Vulnerability Insight:
The flaw is due to insufficient entropy in a random session
token used to identify an authenticated manager using the web console.

Vulnerability Impact:
Remote users can gain administrative access to the target
application, which allows arbitrary code execution.

Affected Software/OS:
Trend Micro Client Server Messaging Security (CSM) versions 3.5 and 3.6

Trend Micro OfficeScan Corporate Edition versions 7.0 and 7.3

Trend Micro OfficeScan Corporate Edition version 8.0

Trend Micro Worry-Free Business Security (WFBS) version 5.0

Solution:
Partially Fixed.
Fix is available for Trend Micro OfficeScan 8.0 and Worry-Free Business Security 5.0.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-reference: BugTraq ID: 30792
Common Vulnerability Exposure (CVE) ID: CVE-2008-2433
http://www.securityfocus.com/bid/30792
Bugtraq: 20080822 Secunia Research: Trend Micro Products Web Management Authentication Bypass
http://www.securityfocus.com/archive/1/495670/100/0/threaded
http://secunia.com/secunia_research/2008-31/advisory/
http://www.securitytracker.com/id?1020732
http://secunia.com/advisories/31373
http://securityreason.com/securityalert/4191
http://www.vupen.com/english/advisories/2008/2421
XForce ISS Database: trend-micro-token-security-bypass(44597)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44597
Copyright: Copyright (C) 2008 SecPod
