Vulnerability Description
An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. An attacker must first obtain access to the user database on the target system in order to exploit this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Email Encryption Gateway | <= 5.5 |
Related Weaknesses (CWE)
References
- https://success.trendmicro.com/solution/1119349Vendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-18-411/Third Party AdvisoryVDB Entry
- https://success.trendmicro.com/solution/1119349Vendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-18-411/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2018-10355?
CVE-2018-10355 is a vulnerability with a CVSS score of 7.0 (HIGH). An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. ...
How severe is CVE-2018-10355?
CVE-2018-10355 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-10355?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Email Encryption Gateway.