CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10356 – Trend Micro Encryption for Email Gateway requestDomains hidDomains SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-10356
A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRequestDomains class. Authentication is required to exploit this vulnerability. Una vulnerabilidad de ejecución remota de código por inyección SQL en Trend Micro Email Encryption Gateway 5.5 podría permitir que un atacante ejecute instrucciones SQL arbitrarias en instalaciones vulnerables debido a un error en la clase formRequestDomains. Se requiere autenticación para explotar esta vulnerabilidad. This vulnerability allows remote attackers to execute arbitrary SQL statements on vulnerable installations of Trend Micro Encryption for Email Gateway. • https://success.trendmicro.com/solution/1119349 https://www.zerodayinitiative.com/advisories/ZDI-18-420 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2018-6225 – Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-6225
An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script. Una vulnerabilidad XEE (XML External Entity) en Trend Micro Email Encryption Gateway 5.5 podría permitir que un usuario autenticado exponga un script de configuración normalmente protegido. Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other vulnerabilities. • https://www.exploit-db.com/exploits/44166 https://success.trendmicro.com/solution/1119349 https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-6224 – Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-6224
A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain. Una vulnerabilidad de falta de medidas de protección contra Cross-Site Request Forgery (CSRF) en Trend Micro Email Encryption Gateway 5.5 podría permitir que un atacante envíe peticiones autenticadas a un usuario que esté navegando en un dominio controlado por dicho atacante. Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other vulnerabilities. • https://www.exploit-db.com/exploits/44166 https://success.trendmicro.com/solution/1119349 https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 2CVE-2018-6221 – Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-6221
An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own. Una vulnerabilidad de actualización de software no validado en Trend Micro Email Encryption Gateway 5.5 podría permitir que un atacante Man-in-the-Middle (MitM) manipule un archivo de actualización e inyecte el suyo propio. Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other vulnerabilities. • https://www.exploit-db.com/exploits/44166 https://success.trendmicro.com/solution/1119349 https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2018-6220 – Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-6220
An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems. Una vulnerabilidad de escritura de archivo arbitrario en Trend Micro Email Encryption Gateway 5.5 podría permitir que un atacante inyecte datos arbitrarios, lo que puede provocar que se ejecute código en sistemas vulnerables. Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other vulnerabilities. • https://www.exploit-db.com/exploits/44166 https://success.trendmicro.com/solution/1119349 https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •