CVE-2018-3609 — Insufficiently Protected Credentials in Micro Interscan Messaging Security Virtual Appliance

CWE-522 — Insufficiently Protected Credentials CWE-532 — Log File Information Exposure3 documents3 sources

Severity

8.1HIGHNVD

EPSS

16.3%

top 5.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Interscan Messaging Security Virtual Appliance Trendmicro Interscan Messaging Security Virtual Appliance

Timeline

PublishedFeb 16

Latest updateMay 13

Description

A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶NVDtrendmicro/interscan_messaging_security_virtual_appliance9.0, 9.1+1

▶CVEListV5trend_micro/trend_micro_interscan_messaging_security_virtual_appliance9.0 and 9.1

🔴Vulnerability Details

GHSA

GHSA-999p-3hf6-2qgp: A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9↗2022-05-13

▶

CVEList

CVE-2018-3609: A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9↗2018-02-16

▶