CVE-2018-10353

Name of the Vulnerable Software and Affected Versions: Trend Micro Email Encryption Gateway version 5.5

Description: A SQL injection information disclosure issue exists due to a flaw in the formChangePass class, allowing a remote attacker to disclose sensitive information on vulnerable installations. Authentication is required to exploit this issue. The username variable is involved in the SQL injection.

Recommendations: For Trend Micro Email Encryption Gateway version 5.5, consider restricting access to the formChangePass class until a fix is available. As a temporary workaround, avoid using the username variable in the affected functionality to minimize the risk of exploitation.