CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-31520

A weak session token authentication bypass vulnerability in Trend Micro IM Security 1.6 and 1.6.5 could allow an remote attacker to guess currently logged-in administrators' session session token in order to gain access to the product's web management interface.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.015

EPSS Ranking 80.2%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 6.8

References

https://success.trendmicro.com/solution/000286439
https://www.zerodayinitiative.com/advisories/ZDI-21-525/
https://success.trendmicro.com/solution/000286439
https://www.zerodayinitiative.com/advisories/ZDI-21-525/

Products affected by CVE-2021-31520

Trendmicro » Im Security » Version: 1.6

cpe:2.3:a:trendmicro:im_security:1.6
Trendmicro » Im Security » Version: 1.6.5

cpe:2.3:a:trendmicro:im_security:1.6.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-31520

Products

Pricing

Contact Us