Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-6225

CWE-611 — XML External Entity (XXE)6 documents5 sources

Severity

4.3MEDIUM

EPSS

1.6%

top 18.35%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Trend Micro Trend Micro Email Encryption Gateway Trendmicro Email Encryption Gateway

Timeline

PublishedMar 15

Latest updateMay 14

Description

An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDtrendmicro/email_encryption_gateway5.5

▶CVEListV5trend_micro/trend_micro_email_encryption_gateway5.5

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-5pv4-g6j5-p5rv: An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5↗2022-05-14

▶

CVEList

CVE-2018-6225: An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5↗2018-03-15

▶

💥Exploits & PoCs

Exploit-DB

iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free↗2019-01-25

▶

Exploit-DB

Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities↗2018-02-22

▶