Cross-Site Request Forgery Vulnerability in Trend Micro Email Encryption Gateway
CVE-2018-6224

8.8HIGH

Key Information:

Vendor
Trend Micro
Status
Trend Micro Email Encryption Gateway
Vendor
CVE Published:
15 March 2018

Summary

A security flaw in Trend Micro Email Encryption Gateway 5.5 allows for the possibility of cross-site request forgery, where an attacker can exploit the absence of adequate CSRF protections. This can enable unauthorized commands to be executed on behalf of an authenticated user when they navigate to a domain controlled by the attacker, potentially leading to unauthorized data exposure and manipulation.

Affected Version(s)

Trend Micro Email Encryption Gateway 5.5

References

https://www.exploit-db.com/exploits/44166/
exploitx_refsource_EXPLOIT-DB
https://success.trendmicro.com/solution/1119349
x_refsource_CONFIRM
https://www.coresecurity.com/advisories/trend-micro-email...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.