Vulnerabilities > CVE-2018-6225 - XXE vulnerability in Trendmicro Email Encryption Gateway 5.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities. CVE-2018-6219,CVE-2018-6220,CVE-2018-6221,CVE-2018-6222,CVE-2018-6223,CV... |
| file | exploits/jsp/webapps/44166.txt |
| id | EDB-ID:44166 |
| last seen | 2018-02-22 |
| modified | 2018-02-22 |
| platform | jsp |
| port | |
| published | 2018-02-22 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/44166/ |
| title | Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/146508/CORE-2017-0006.txt |
| id | PACKETSTORM:146508 |
| last seen | 2018-02-24 |
| published | 2018-02-21 |
| reporter | Core Security Technologies |
| source | https://packetstormsecurity.com/files/146508/Trend-Micro-Email-Encryption-Gateway-XSS-Code-Execution.html |
| title | Trend Micro Email Encryption Gateway XSS / Code Execution |