CVE-2018-6228

Name of the Vulnerable Software and Affected Versions Trend Micro Email Encryption Gateway version 5.5

Description A SQL injection issue in the policy script of the Email Encryption Gateway could allow an attacker to execute arbitrary SQL commands, potentially uploading and executing malicious code that may harm the target system. The vulnerability is related to the lack of protection for the SQL query structure, which can be exploited by a remote attacker using the hidEditld parameter to execute arbitrary SQL queries.

Recommendations For Trend Micro Email Encryption Gateway version 5.5, consider restricting access to the policy script to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the hidEditld parameter in the affected script until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.