cbcvebase.
CVE-2015-3326
published 2015-05-14

CVE-2015-3326: Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console…

PriorityP427medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
2.30%
81.2th percentile
Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack.

Affected

2 ranges
VendorProductVersion rangeFixed in
trend_microscanmail
trend_microscanmail
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.