ID CVE-2018-6225
Summary An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script.
References
Vulnerable Configurations
  • cpe:2.3:a:trendmicro:email_encryption_gateway:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:trendmicro:email_encryption_gateway:5.5:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 04-04-2018 - 13:25)
Impact:
Exploitability:
CWE CWE-611
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
refmap via4
confirm https://success.trendmicro.com/solution/1119349
exploit-db 44166
misc https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities
Last major update 04-04-2018 - 13:25
Published 15-03-2018 - 19:29
Back to Top