Trend Micro Email Encryption Gateway Multiple Security Vulnerabilities
BID:104314
Info
Trend Micro Email Encryption Gateway Multiple Security Vulnerabilities
| Bugtraq ID: | 104314 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-10351 CVE-2018-10352 CVE-2018-10353 CVE-2018-10354 CVE-2018-10355 |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 04 2018 12:00AM |
| Updated: | May 04 2018 12:00AM |
| Credit: | Steven Seeley (mr_me) of Source Incite |
| Vulnerable: |
Trend Micro Email Encryption Gateway 5.5 build 1111 Trend Micro Email Encryption Gateway 5.5 build 1107 Trend Micro Email Encryption Gateway 5.5 build 1073 |
| Not Vulnerable: | |
Discussion
Trend Micro Email Encryption Gateway Multiple Security Vulnerabilities
Trend Micro Email Encryption Gateway is prone to the following multiple security vulnerabilities:
1. Multiple SQL-injection vulnerabilities
2. A command-injection vulnerability
3. An insecure authentication weakness
Exploiting these issues could allow an attacker to access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary command, bypass authentication mechanism, execute arbitrary code and obtain sensitive information. This may aid in further attacks.
Email Encryption Gateway 5.5 Build 1111 and prior are vulnerable.
Trend Micro Email Encryption Gateway is prone to the following multiple security vulnerabilities:
1. Multiple SQL-injection vulnerabilities
2. A command-injection vulnerability
3. An insecure authentication weakness
Exploiting these issues could allow an attacker to access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary command, bypass authentication mechanism, execute arbitrary code and obtain sensitive information. This may aid in further attacks.
Email Encryption Gateway 5.5 Build 1111 and prior are vulnerable.
Exploit / POC
Trend Micro Email Encryption Gateway Multiple Security Vulnerabilities
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Trend Micro Email Encryption Gateway Multiple Security Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Trend Micro Email Encryption Gateway Multiple Security Vulnerabilities
References:
References:
- Trend Micro Homepage (Trend Micro)
- https://success.trendmicro.com/solution/1119349 (Trend Micro)
- Trend Micro Encryption for Email Gateway DBCrypto Authentication Weakness Vulner (Zero Day Initiative)
- Trend Micro Encryption for Email Gateway formChangePass username SQL Injection (Zero Day Initiative)
- Trend Micro Encryption for Email Gateway formConfiguration saveValue SQL Injecti (Zero Day Initiative)
- Trend Micro Encryption for Email Gateway LauncherServer DownloadBlackList Comman (Zero Day Initiative)
- Trend Micro Encryption for Email Gateway register2 Client SQL Injection (Zero Day Initiative)