Trend Micro ScanMail for Exchange XSS Vulnerability (CVE-2017-14092)
Trend Micro ScanMail for Exchange XSS Vulnerability (CVE-2017-14092)
Release date:
Updated on:
Affected Systems:
Trend Micro ScanMail for Exchange 12.0
Description:
Bugtraq id: 102237
CVE (CAN) ID: CVE-2017-14092
Trend Micro ScanMail is a virus protection system developed and maintained by Trend Micro for the Exchange system.
Trend Micro ScanMail for Exchange 12.0 Web interface forms lack anti-Cross-Site Request Forgery tokens, allowing attackers to submit verified requests when users browse the domains controlled by attackers.
<* Source: Leandro Barragan
*>
Suggestion:
Vendor patch:
Trend Micro
-----------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.trend.com
Https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities
Https://success.trendmicro.com/solution/1118486