This Remote host is installed with Trend Micro OfficeScan, which is prone to Authentication Bypass Vulnerability.
Remote users can gain administrative access on the target application and allow arbitrary code execution. Impact Level : Application.
Partially Fixed. Fix is available for Trend Micro OfficeScan 8.0 and Worry-Free Business Security 5.0. http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2402.exe http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_Win_EN_CriticalPatch_B1351.exe http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3037.exe http://www.trendmicro.com/ftp/products/patches/WFBS_50_WIN_EN_CriticalPatch_B1404.exe ***** NOTE : Ignore this warning if above mentioned patch is applied already. *****
The flaw is due to insufficient entropy in a random session token used to identify an authenticated manager using the web console.
Trend Micro Client Server Messaging Security (CSM) versions 3.5 and 3.6 Trend Micro OfficeScan Corporate Edition versions 7.0 and 7.3 Trend Micro OfficeScan Corporate Edition version 8.0 Trend Micro Worry-Free Business Security (WFBS) version 5.0
Updated on 2015-03-25
- Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Windows)
- VMware Product(s) Local Privilege Escalation Vulnerability
- Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Mac OS X)
- Adobe Flash Media Server Privilege Escalation Vulnerability
- Mozilla Products Privilege Escalation Vulnerabily (MAC OS X)