CVE-2018-6224 – Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-6224
A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain. Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other vulnerabilities.
• https://www.exploit-db.com/exploits/44166
• https://success.trendmicro.com/solution/1119349
• https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2018-6221 – Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-6221
An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own. Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other vulnerabilities.
• https://www.exploit-db.com/exploits/44166
• https://success.trendmicro.com/solution/1119349
• https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities
• CWE-295: Improper Certificate Validation
CVE-2018-6220 – Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-6220
An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems. Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other vulnerabilities.
• https://www.exploit-db.com/exploits/44166
• https://success.trendmicro.com/solution/1119349
• https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2018-6228 – Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-6228
A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system. Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other vulnerabilities.
• https://www.exploit-db.com/exploits/44166
• https://success.trendmicro.com/solution/1119349
• https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-6227 – Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-6227
A stored cross-site scripting (XSS) vulnerability in two configuration files of Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable systems. Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other vulnerabilities.
• https://www.exploit-db.com/exploits/44166
• https://success.trendmicro.com/solution/1119349
• https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')