VYPR
Critical severity9.8NVD Advisory· Published Aug 27, 2008· Updated Jun 16, 2026

CVE-2008-2433

CVE-2008-2433

Description

The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified "manipulation of the configuration."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • cpe:2.3:a:trendmicro:client_server_messaging_suite:3.5:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:trendmicro:client_server_messaging_suite:3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:trendmicro:client_server_messaging_suite:3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:trendmicro:officescan:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:trendmicro:officescan:*:*:*:*:*:*:*:*range: >=7.0,<=8.0
    • (no CPE)range: 7.0 - 8.0
  • cpe:2.3:a:trendmicro:worry-free_business_security:5.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:trendmicro:worry-free_business_security:5.0:*:*:*:*:*:*:*
    • (no CPE)range: 5.0
  • Range: 3.5 - 3.6

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.