Vulnerabilities > Trendmicro > Email Encryption Gateway > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-05-23 CVE-2018-10353 SQL Injection vulnerability in Trendmicro Email Encryption Gateway 5.5
A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a flaw in the formChangePass class.
network
low complexity
trendmicro CWE-89
4.0
2018-05-23 CVE-2018-10352 SQL Injection vulnerability in Trendmicro Email Encryption Gateway 5.5
A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class.
network
low complexity
trendmicro CWE-89
6.5
2018-03-15 CVE-2018-6225 XXE vulnerability in Trendmicro Email Encryption Gateway 5.5
An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script.
network
low complexity
trendmicro CWE-611
4.0
2018-03-15 CVE-2018-6224 Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Email Encryption Gateway 5.5
A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain.
6.8
2018-03-15 CVE-2018-6223 Missing Authentication for Critical Function vulnerability in Trendmicro Email Encryption Gateway 5.5
A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters.
network
low complexity
trendmicro CWE-306
5.0
2018-03-15 CVE-2018-6219 Improper Certificate Validation vulnerability in Trendmicro Email Encryption Gateway 5.5
An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data.
network
low complexity
trendmicro CWE-295
6.4