CVE-2018-6223

CRITICAL

Trendmicro Email Encryption Gateway - Missing Authentication

Title source: rule

Description

A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textwebappsjsp

https://www.exploit-db.com/exploits/44166

View Code ZIP pw:eip

References (3)

[Patch, Vendor Advisory] https://success.trendmicro.com/solution/1119349

[Exploit, Technical Description, Third Party Advisory] https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44166/

Scores

CVSS v3 9.8

EPSS 0.0524

EPSS Percentile 89.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-306

Status published

Affected Products (1)

trendmicro/email_encryption_gateway

Timeline

Published Mar 15, 2018

Tracked Since Feb 18, 2026