CVE-2017-11398

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "name": "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://success.trendmicro.com/solution/1118992", "name": "https://success.trendmicro.com/solution/1118992", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://www.exploit-db.com/exploits/43388/", "name": "43388", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "EXPLOIT-DB"}, {"url": "http://www.securityfocus.com/bid/102275", "name": "102275", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-534"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-11398", "ASSIGNER": "security@trendmicro.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}}, "publishedDate": "2018-01-19T19:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:trendmicro:smart_protection_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-10-09T23:22Z"}