CVE-2018-10355

7HIGH

Key Information:

Vendor: Trend Micro
Status: Trend Micro Email Encryption Gateway
Vendor: CVE Published:; 23 May 2018

Summary

An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. An attacker must first obtain access to the user database on the target system in order to exploit this vulnerability.

Affected Version(s)

Trend Micro Email Encryption Gateway 5.5

References

https://www.zerodayinitiative.com/advisories/ZDI-18-411/

x_refsource_MISC

https://success.trendmicro.com/solution/1119349

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 23, 2018
Vulnerability Reserved
Apr 24, 2018