Trendmicro: >> Scanmail >> 12.0 Security Vulnerabilities
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.
CVSS Score
9.1
EPSS Score
0.003
Published
2017-12-16
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-12-16
The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-12-16
The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-12-16