Trend Micro Email Encryption Gateway CVE-2018-6228 SQL Injection Vulnerability
BID:103755
Info
Trend Micro Email Encryption Gateway CVE-2018-6228 SQL Injection Vulnerability
| Bugtraq ID: | 103755 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-6228 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 21 2018 12:00AM |
| Updated: | Feb 21 2018 12:00AM |
| Credit: | Leandro Barragan and Maximiliano Vidal working with Core Security Consulting Services |
| Vulnerable: |
Trend Micro Email Encryption Gateway 5.5 build 1111 Trend Micro Email Encryption Gateway 5.5 build 1107 Trend Micro Email Encryption Gateway 5.5 build 1073 |
| Not Vulnerable: |
Trend Micro Email Encryption Gateway 5.5 build 1129 |
Discussion
Trend Micro Email Encryption Gateway CVE-2018-6228 SQL Injection Vulnerability
Trend Micro Email Encryption Gateway is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Trend Micro Email Encryption Gateway 5.5 Build 1111 and prior versions are vulnerable.
Trend Micro Email Encryption Gateway is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Trend Micro Email Encryption Gateway 5.5 Build 1111 and prior versions are vulnerable.
Exploit / POC
Trend Micro Email Encryption Gateway CVE-2018-6228 SQL Injection Vulnerability
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
References
Trend Micro Email Encryption Gateway CVE-2018-6228 SQL Injection Vulnerability
References:
References:
- Trend Micro Homepage (Trend Micro)
- SECURITY BULLETIN: Trend Micro Email Encryption Gateway 5.5 Multiple Vulnerabili (Trend Micro)
- Trend Micro Email Encryption Gateway Multiple Vulnerabilities (coresecurity)