CVE-2017-14092

Sažetak

The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.

Reference

https://success.trendmicro.com/solution/1118486
https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

26-12-2017 - 16:00

Objavljeno

16-12-2017 - 02:29