CVE-2018-6223

CRITICAL

Trendmicro Email Encryption Gateway - Missing Authentication

Title source: rule

Description

A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textwebappsjsp

https://www.exploit-db.com/exploits/44166

View Code ZIP pw:eip

References (3)

[Patch, Vendor Advisory] https://success.trendmicro.com/solution/1119349

[Exploit, Technical Description, Third Party Advisory] https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44166/

Scores

CVSS v3 9.8

EPSS 0.0524

EPSS Percentile 90.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-306

Status published

Products (1)

trendmicro/email_encryption_gateway 5.5

Published Mar 15, 2018

Tracked Since Feb 18, 2026