Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-6228

CWE-89 — SQL Injection4 documents4 sources

Severity

9.8CRITICAL

EPSS

3.5%

top 12.46%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Trend Micro Trend Micro Email Encryption Gateway Trendmicro Email Encryption Gateway

Timeline

PublishedMar 15

Latest updateMay 14

Description

A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDtrendmicro/email_encryption_gateway5.5

▶CVEListV5trend_micro/trend_micro_email_encryption_gateway5.5

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-252f-47x2-rgxx: A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5↗2022-05-14

▶

CVEList

CVE-2018-6228: A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5↗2018-03-15

▶

💥Exploits & PoCs

Exploit-DB

Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities↗2018-02-22

▶