Vulnerability Description
Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Email Encryption Gateway | 5.5 |
Related Weaknesses (CWE)
References
- https://success.trendmicro.com/solution/1119349PatchVendor Advisory
- https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-mulExploitTechnical DescriptionThird Party Advisory
- https://www.exploit-db.com/exploits/44166/ExploitThird Party AdvisoryVDB Entry
- https://success.trendmicro.com/solution/1119349PatchVendor Advisory
- https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-mulExploitTechnical DescriptionThird Party Advisory
- https://www.exploit-db.com/exploits/44166/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2018-6222?
CVE-2018-6222 is a vulnerability with a CVSS score of 7.8 (HIGH). Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command executio...
How severe is CVE-2018-6222?
CVE-2018-6222 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-6222?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Email Encryption Gateway.