A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.
Trend Micro Smart Protection Server version 3.2 suffers from access control bypass, cross site scripting, information disclosure, and various other vulnerabilities.