Vulnerability Description
A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class. Authentication is required to exploit this vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Email Encryption Gateway | <= 5.5 |
Related Weaknesses (CWE)
References
- https://success.trendmicro.com/solution/1119349Vendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-18-419/Third Party AdvisoryVDB Entry
- https://success.trendmicro.com/solution/1119349Vendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-18-419/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2018-10353?
CVE-2018-10353 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a fl...
How severe is CVE-2018-10353?
CVE-2018-10353 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-10353?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Email Encryption Gateway.