Trend Micro Email Encryption Gateway CVE-2018-10356 SQL Injection Vulnerability

Bugtraq ID:	104342
Class:	Input Validation Error
CVE:	CVE-2018-10356
Remote:	Yes
Local:	No
Published:	Feb 21 2018 12:00AM
Updated:	Feb 21 2018 12:00AM
Credit:	Steven Seeley of Source Incite
Vulnerable:	Trend Micro Email Encryption Gateway 5.5 build 1111 Trend Micro Email Encryption Gateway 5.5 build 1107 Trend Micro Email Encryption Gateway 5.5 build 1073
Not Vulnerable:	Trend Micro Email Encryption Gateway 5.5 build 1129

Trend Micro Email Encryption Gateway CVE-2018-10356 SQL Injection Vulnerability

Trend Micro Email Encryption Gateway is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Trend Micro Email Encryption Gateway 5.5 Build 1111 and prior versions are vulnerable.

Trend Micro Email Encryption Gateway CVE-2018-10356 SQL Injection Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Trend Micro Email Encryption Gateway CVE-2018-10356 SQL Injection Vulnerability

References:

• Trend Micro Homepage (Trend Micro)
  
• SECURITY BULLETIN: Trend Micro Email Encryption Gateway 5.5 Multiple Vulnerabili (Trend Micro)
  
• Trend Micro Encryption for Email Gateway requestDomains hidDomains SQL Injection (Zero Day Initiative)