Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-14097

4 documents4 sources

Severity

9.8CRITICAL

EPSS

16.2%

top 5.18%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Trendmicro Smart Protection Server Trend Micro Trend Micro Smart Protection Server (standalone)

Timeline

PublishedJan 19

Latest updateMay 13

Description

An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5trend_micro/trend_micro_smart_protection_server_(standalone)3.0, 3.1, 3.2

▶NVDtrendmicro/smart_protection_server3.2

🔴Vulnerability Details

GHSA

GHSA-p267-mjqj-h6m3: An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3↗2022-05-13

▶

CVEList

CVE-2017-14097: An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3↗2018-01-19

▶

💥Exploits & PoCs

Exploit-DB

Trend Micro Smart Protection Server - Session Hijacking / Log File Disclosure / Remote Command Execution / Cron Job Injection / Local File Inclusion / Stored Cross-Site Scripting / Improper Access Con↗2017-12-19

▶