Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-2996

CWE-352 — Cross-Site Request Forgery (CSRF)4 documents4 sources

Severity

6.8MEDIUM

EPSS

1.2%

top 20.85%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Trendmicro Interscan Messaging Security Suite

Timeline

PublishedSep 17

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication of administrators for requests that create admin accounts via a saveAuth action.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDtrendmicro/interscan_messaging_security_suite7.1

🔴Vulnerability Details

GHSA

GHSA-hwc9-3f9h-m679: Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab↗2022-05-17

▶

CVEList

CVE-2012-2996: Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab↗2012-09-17

▶

💥Exploits & PoCs

Exploit-DB

Trend Micro Interscan Messaging Security Suite - Persistent Cross-Site Scripting / Cross-Site Request Forgery↗2012-09-14

▶