Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-6219

CWE-295 — Improper Certificate Validation5 documents5 sources

Severity

6.5MEDIUM

EPSS

1.4%

top 19.38%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Trend Micro Trend Micro Email Encryption Gateway Trendmicro Email Encryption Gateway

Timeline

PublishedMar 15

Latest updateMay 14

Description

An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

▶NVDtrendmicro/email_encryption_gateway5.5

▶CVEListV5trend_micro/trend_micro_email_encryption_gateway5.5

🔴Vulnerability Details

GHSA

GHSA-rhmq-q9gr-p7x8: An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5↗2022-05-14

▶

CVEList

CVE-2018-6219: An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5↗2018-03-15

▶

💥Exploits & PoCs

Exploit-DB

Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities↗2018-02-22

▶

💬Community

Bugzilla

CVE-2018-8007 couchdb: Administrative Privilege Escalation↗2018-07-13

▶