CVE-2018-6220
CRITICALTrendmicro Email Encryption Gateway - Injection
Title source: ruleDescription
An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Core Security · textwebappsjsp
https://www.exploit-db.com/exploits/44166
References (3)
Scores
CVSS v3
9.8
EPSS
0.0960
EPSS Percentile
92.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-74
Status
published
Affected Products (1)
trendmicro/email_encryption_gateway
Timeline
Published
Mar 15, 2018
Tracked Since
Feb 18, 2026