Scanmail Exchange
by Trend Micro
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14090 | Cri | 0.59 | 9.1 | 0.00 | Dec 16, 2017 | A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted. | ||
| CVE-2017-14092 | Hig | 0.57 | 8.8 | 0.00 | Dec 16, 2017 | The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. | ||
| CVE-2017-14091 | Hig | 0.49 | 7.5 | 0.00 | Dec 16, 2017 | A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory. | ||
| CVE-2017-14093 | Med | 0.40 | 6.1 | 0.00 | Dec 16, 2017 | The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks. | ||
| CVE-2003-1343 | 0.03 | — | 0.06 | Dec 31, 2003 | Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3". | |||
| CVE-2015-3326 | 0.00 | — | 0.00 | May 14, 2015 | Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass… | |||
| CVE-2001-0586 | 0.00 | — | 0.00 | Aug 22, 2001 | TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local attacker to recover the administrative credentials for ScanMail via a combination of unprotected registry keys and weakly encrypted passwords. |
- risk 0.59cvss 9.1epss 0.00
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.
- risk 0.57cvss 8.8epss 0.00
The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
- risk 0.49cvss 7.5epss 0.00
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory.
- risk 0.40cvss 6.1epss 0.00
The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks.
- CVE-2003-1343Dec 31, 2003risk 0.03cvss —epss 0.06
Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3".
- CVE-2015-3326May 14, 2015risk 0.00cvss —epss 0.00
Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass…
- CVE-2001-0586Aug 22, 2001risk 0.00cvss —epss 0.00
TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local attacker to recover the administrative credentials for ScanMail via a combination of unprotected registry keys and weakly encrypted passwords.