10 matches found
CVE-2018-10351
A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability...
CVE-2018-6226
Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micro Email Encryption Gateway 5.5 configuration files could allow an attacker to inject client-side scripts into vulnerable systems...
CVE-2018-6227
A stored cross-site scripting (XSS) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable systems...
Cross-site request forgery (CSRF)
A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain...
Cross-site scripting
A stored cross-site scripting (XSS) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable systems...
Design/Logic Flaw
An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data...
CVE-2018-6219
CVE-2018-6219 affects Trend Micro Email Encryption Gateway 5.5 (Build 1111.00). The vulnerability is an Insecure Update via HTTP where update communications are unencrypted, enabling a MITM attacker to eavesdrop on and tamper with update data. The connected documents corroborate that the issue is...
CVE-2018-6225
An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script...
CVE-2018-6229
CVE-2018-6229 is a SQL injection in Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) related to the policies and policy editing UI. The vulnerability arises from unsanitized user-controlled parameters (e.g., hidEditId in policies.jsp and related flow to editPolicy.jsp) that are concatenat...
CVE-2018-6228
The connected docs confirm CVE-2018-6228 targets Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) and involves a SQL injection in policies.jsp via the hidEditId parameter, which is not sanitized before being passed to editPolicy.jsp. This leads to dynamic SQL construction (e.g., queries o...