An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own.
References
Link | Resource |
---|---|
https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities | Exploit Technical Description Third Party Advisory |
https://success.trendmicro.com/solution/1119349 | Patch Vendor Advisory |
https://www.exploit-db.com/exploits/44166/ | Exploit Third Party Advisory VDB Entry |
Configurations
Information
Published : 2018-03-15 12:29
Updated : 2018-04-04 08:01
NVD link : CVE-2018-6221
Mitre link : CVE-2018-6221
JSON object : View
CWE
CWE-295
Improper Certificate Validation
Products Affected
trendmicro
- email_encryption_gateway