PT-2018-17418 · Trend Micro · Trend Micro Email Encryption Gateway

Leandro Barragan

Publicado

2018-03-15

Atualizado

2018-04-04

CVE-2018-6220

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Trend Micro Email Encryption Gateway version 5.5

Description The issue allows an attacker to inject arbitrary data, potentially leading to code execution on vulnerable systems. This is due to an arbitrary file write vulnerability.

Recommendations For Trend Micro Email Encryption Gateway version 5.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74

Identificadores relacionados

CVE-2018-6220

Produtos afetados

Trend Micro Email Encryption Gateway

PT-2018-17418 · Trend Micro · Trend Micro Email Encryption Gateway

CVE-2018-6220

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5