CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10352 – Trend Micro Encryption for Email Gateway formConfiguration saveValue SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-10352
A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Authentication is required to exploit this vulnerability. Una vulnerabilidad en Trend Micro Email Encryption Gateway 5.5 podría permitir que un atacante remoto ejecute instrucciones SQL arbitrarias en instalaciones vulnerables debido a un error en la clase formConfiguration. Se requiere autenticación para explotar esta vulnerabilidad. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Encryption for Email Gateway. • https://success.trendmicro.com/solution/1119349 https://www.zerodayinitiative.com/advisories/ZDI-18-418 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10355 – Trend Micro Encryption for Email Gateway DBCrypto Authentication Weakness Vulnerability
https://notcve.org/view.php?id=CVE-2018-10355
An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. An attacker must first obtain access to the user database on the target system in order to exploit this vulnerability. Una vulnerabilidad de debilidad en la autenticación en Trend Micro Email Encryption Gateway 5.5 podría permitir que un atacante recupere cuentas de usuario en instalaciones vulnerables debido a un error en la clase DBCrypto. En primer lugar, un atacante debe obtener acceso a la base de datos del usuario en el sistema objetivo para explotar esta vulnerabilidad. This vulnerability allows attackers to recover user passwords on vulnerable installations of Trend Micro Encryption for Email Gateway. • https://success.trendmicro.com/solution/1119349 https://www.zerodayinitiative.com/advisories/ZDI-18-411 • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10351 – Trend Micro Encryption for Email Gateway register2 Client SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-10351
A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability. Una vulnerabilidad en Trend Micro Email Encryption Gateway 5.5 podría permitir que un atacante remoto ejecute instrucciones SQL arbitrarias en instalaciones vulnerables debido a un error en la clase formRegistration2. Se requiere autenticación para explotar esta vulnerabilidad. This vulnerability allows remote attackers to execute arbitrary SQL statements on vulnerable installations of Trend Micro Encryption for Email Gateway. • https://success.trendmicro.com/solution/1119349 https://www.zerodayinitiative.com/advisories/ZDI-18-415 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10353 – Trend Micro Encryption for Email Gateway formChangePass username SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-10353
A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class. Authentication is required to exploit this vulnerability. Una vulnerabilidad de divulgación de información por inyección SQL en Trend Micro Email Encryption Gateway 5.5 podría permitir que un atacante remoto revele información sensible en instalaciones vulnerables debido a un error en la clase formChangePass. Se requiere autenticación para explotar esta vulnerabilidad. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Encryption for Email Gateway. • https://success.trendmicro.com/solution/1119349 https://www.zerodayinitiative.com/advisories/ZDI-18-419 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10354 – Trend Micro Encryption for Email Gateway LauncherServer DownloadBlackList Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-10354
A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. Authentication is required to exploit this vulnerability. Una vulnerabilidad de inyección y ejecución de comandos en Trend Micro Email Encryption Gateway 5.5 podría permitir que un atacante remoto ejecute código arbitrario en instalaciones vulnerables debido a un error en LauncherServer. Se requiere autenticación para explotar esta vulnerabilidad. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Encryption for Email Gateway. • https://success.trendmicro.com/solution/1119349 https://www.zerodayinitiative.com/advisories/ZDI-18-416 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •