A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability.
References
Link | Resource |
---|---|
https://www.zerodayinitiative.com/advisories/ZDI-18-415/ | Third Party Advisory VDB Entry |
https://success.trendmicro.com/solution/1119349 | Vendor Advisory |
Configurations
Information
Published : 2018-05-23 09:29
Updated : 2018-06-22 07:33
NVD link : CVE-2018-10351
Mitre link : CVE-2018-10351
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
trendmicro
- email_encryption_gateway