CVE-2018-10355

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
7.0HIGH
EPSS
0.1%
top 77.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trendmicro Email Encryption GatewayTrend Micro Trend Micro Email Encryption Gateway
Timeline
PublishedMay 23
Latest updateMay 13

Description

An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. An attacker must first obtain access to the user database on the target system in order to exploit this vulnerability.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-49rg-f69p-79rc: An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 52022-05-13
CVEList
CVE-2018-10355: An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 52018-05-23
CVE-2018-10355 (HIGH CVSS 7) | An authentication weakness vulnerab | cvebase.io