CVE-2018-6229

{"id": "CVE-2018-6229", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-03-15T19:29:01.173", "references": [{"url": "https://success.trendmicro.com/solution/1119349", "tags": ["Patch", "Vendor Advisory"], "source": "security@trendmicro.com"}, {"url": "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "security@trendmicro.com"}, {"url": "https://www.exploit-db.com/exploits/44166/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "security@trendmicro.com"}, {"url": "https://success.trendmicro.com/solution/1119349", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/44166/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en un script de edici\u00f3n de pol\u00edticas de Trend Micro Email Encryption Gateway 5.5 podr\u00eda permitir que un atacante ejecute comandos SQL para subir y ejecutar c\u00f3digo arbitrario que pudiera comprometer el sistema objetivo."}], "lastModified": "2024-11-21T04:10:20.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:email_encryption_gateway:5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B26831D6-9D9F-4A00-9EFD-2905EFA4179F"}], "operator": "OR"}]}], "sourceIdentifier": "security@trendmicro.com"}