CVE-2017-9033

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

8.8HIGH

EPSS

0.1%

top 67.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Serverprotect

Timeline

PublishedMay 26

Latest updateMay 13

Description

Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the lack of anti-CSRF tokens.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDtrendmicro/serverprotect3.0

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-pm3j-2jrw-2gmq: Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3↗2022-05-13

▶

CVEList

CVE-2017-9033: Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3↗2017-05-25

▶