9 matches found
CVE-2018-6226
Reflected cross-site scripting XSS vulnerabilities in two Trend Micro Email Encryption Gateway 5.5 configuration files could allow an attacker to inject client-side scripts into vulnerable systems...
CVE-2018-6227
A stored cross-site scripting XSS vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable systems...
Design/Logic Flaw
An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data...
Cross site scripting
A stored cross-site scripting XSS vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable systems...
Cross site request forgery (csrf)
A lack of cross-site request forgery CSRF protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain...
CVE-2018-6228
The Connected docs confirm CVE-2018-6228 targets Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) and involves a SQL injection in policies.jsp via the hidEditId parameter, which is not sanitized before being passed to editPolicy.jsp. This leads to dynamic SQL construction (e.g., queries o...
CVE-2018-6229
CVE-2018-6229 is a SQL injection in Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) related to the policies and policy editing UI. The vulnerability arises from unsanitized user-controlled parameters (e.g., hidEditId in policies.jsp and related flow to editPolicy.jsp) that are concatenat...
CVE-2018-6219
CVE-2018-6219 affects Trend Micro Email Encryption Gateway 5.5 (Build 1111.00). The vulnerability is an Insecure Update via HTTP where update communications are unencrypted, enabling a MITM attacker to eavesdrop on and tamper with update data. The connected documents corroborate that the issue is...
CVE-2018-6225
An XML external entity injection XXE vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script...