
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system. Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross-site request forgery, cross-site scripting, and various other vulnerabilities.

• https://www.exploit-db.com/exploits/44166
• https://success.trendmicro.com/solution/1119349
• https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 2

A stored cross-site scripting (XSS) vulnerability in two configuration files of Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable systems. Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross-site request forgery, cross-site scripting, and various other vulnerabilities.

• https://www.exploit-db.com/exploits/44166
• https://success.trendmicro.com/solution/1119349
• https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

An arbitrary log location vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change the location of log files and manipulate them to execute arbitrary commands on a vulnerable system. Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross-site request forgery, cross-site scripting, and various other vulnerabilities.

• https://www.exploit-db.com/exploits/44166
• https://success.trendmicro.com/solution/1119349
• https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system. This vulnerability allows remote attackers to execute arbitrary SQL statements on vulnerable installations of Trend Micro Encryption of Email Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the formEditPolicy class. When parsing the hidRuleId parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries.

• https://www.exploit-db.com/exploits/44166
• https://success.trendmicro.com/solution/1119349
• https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 2

An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data. Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross-site request forgery, cross-site scripting, and various other vulnerabilities.

• https://www.exploit-db.com/exploits/44166
• https://success.trendmicro.com/solution/1119349
• https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities
• CWE-295: Improper Certificate Validation