CVE-2018-6222: OS Command Injection
First published: Thu Mar 15 2018(Updated: )
Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system.
Credit: security@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trend Micro Email Encryption Gateway | =5.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-6222?
CVE-2018-6222 is considered a critical vulnerability due to its potential to allow arbitrary command execution.
How do I fix CVE-2018-6222?
To address CVE-2018-6222, it is recommended to upgrade Trend Micro Email Encryption Gateway to a patched version beyond 5.5.
What type of attack does CVE-2018-6222 facilitate?
CVE-2018-6222 can facilitate command execution on a vulnerable system by exploiting arbitrary log file locations.
Which software versions are affected by CVE-2018-6222?
CVE-2018-6222 specifically affects Trend Micro Email Encryption Gateway version 5.5.
Is CVE-2018-6222 easy to exploit?
CVE-2018-6222 can be exploited with relative ease if proper security measures are not in place.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/trendmicro
- canonical/trend micro email encryption gateway
- version/trend micro email encryption gateway/5.5