Home / Early Warning / Vulnerabilidades / CVE-2021-31520

CVE-2021-31520

Type: 
Authentication Issues
Severity: 
Medium
Publication date: 
05/10/2021
Last modified: 
05/19/2021
Description
A weak session token authentication bypass vulnerability in Trend Micro IM Security 1.6 and 1.6.5 could allow an remote attacker to guess currently logged-in administrators' session session token in order to gain access to the product's web management interface.
Impact
Access Vector: Through network
Access Complexity: Media
Authentication: Not required to exploit
Impact Type: Partially affects on system integrity + Partially affects on system confidentiality + Partially affects on system availability
Vulnerable software and versions
  • cpe:2.3:a:trendmicro:im_security:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:trendmicro:im_security:1.6.5:*:*:*:*:*:*:*
To consult the complete list of products and versions see this page
References to Advisories, Solutions, and Tools
  • N/A (Source: N/A)
  • N/A (Source: N/A)
Explanation of fields