CVE-2015-3326 Information

Description

Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values which makes it easier for remote attackers to bypass authentication via a brute force attack.

Reference

http://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html http://esupport.trendmicro.com/solution/en-US/1109669.aspx http://www.securityfocus.com/bid/74661 http://www.securitytracker.com/id/1032323