// For flags

CVE-2018-6219

Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities

Severity Score

6.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data.

Una vulnerabilidad de actualización no segura mediante HTTP en Trend Micro Email Encryption Gateway 5.5 podría permitir que un atacante escuche y manipule determinados tipos de datos de actualización.

Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other vulnerabilities.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-01-25 CVE Reserved
  • 2018-02-21 CVE Published
  • 2023-08-06 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-295: Improper Certificate Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Trendmicro
Search vendor "Trendmicro"
 Email Encryption Gateway
Search vendor "Trendmicro" for product "Email Encryption Gateway"
 5.5
Search vendor "Trendmicro" for product "Email Encryption Gateway" and version "5.5"
-
Affected