CVE-2018-6222
HIGHTrendmicro Email Encryption Gateway - OS Command Injection
Title source: ruleDescription
Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Core Security · textwebappsjsp
https://www.exploit-db.com/exploits/44166
References (3)
Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/44166/
Patch, Vendor Advisory x_refsource_confirm
https://success.trendmicro.com/solution/1119349
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities
Scores
CVSS v3
7.8
EPSS
0.0040
EPSS Percentile
60.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
trendmicro/email_encryption_gateway
5.5
Published
Mar 15, 2018
Tracked Since
Feb 18, 2026