A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. Authentication is required to exploit this vulnerability.
References
Link | Resource |
---|---|
https://www.zerodayinitiative.com/advisories/ZDI-18-416/ | Third Party Advisory VDB Entry |
https://success.trendmicro.com/solution/1119349 | Vendor Advisory |
Configurations
Information
Published : 2018-05-23 09:29
Updated : 2019-10-02 17:03
NVD link : CVE-2018-10354
Mitre link : CVE-2018-10354
JSON object : View
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Products Affected
trendmicro
- email_encryption_gateway