Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-6229

CWE-89 — SQL Injection5 documents5 sources

Severity

9.8CRITICAL

EPSS

3.5%

top 12.46%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Trend Micro Trend Micro Email Encryption Gateway Trendmicro Email Encryption Gateway

Timeline

PublishedMar 15

Latest updateMay 14

Description

A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDtrendmicro/email_encryption_gateway5.5

▶CVEListV5trend_micro/trend_micro_email_encryption_gateway5.5

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-mpmp-5r2x-4jvg: A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5↗2022-05-14

▶

CVEList

CVE-2018-6229: A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5↗2018-03-15

▶

💥Exploits & PoCs

Exploit-DB

Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities↗2018-02-22

▶

💬Community

Bugzilla

CVE-2018-9846 roundcubemail: MX injection in archive.php↗2018-04-12

▶