CVE-2018-6229

Name of the Vulnerable Software and Affected Versions Trend Micro Email Encryption Gateway version 5.5

Description A SQL injection issue in the edit policy script of the Trend Micro Email Encryption Gateway could allow an attacker to execute SQL commands, potentially leading to the upload and execution of arbitrary code that may harm the target system. The vulnerability is related to the lack of protection for the SQL query structure in the editPolicy.jsp script. Exploitation of this issue may enable a remote attacker to execute arbitrary SQL queries using the hidRuleId parameter.

Recommendations For Trend Micro Email Encryption Gateway version 5.5, consider restricting access to the editPolicy.jsp script and the hidRuleId parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the hidRuleId parameter in the affected script until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.