CVE-2018-6229: SQL Injection
First published: Thu Mar 15 2018(Updated: )
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
Credit: security@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trendmicro Email Encryption Gateway | =5.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-6229?
CVE-2018-6229 has been rated as a high severity vulnerability due to the potential for arbitrary code execution.
How do I fix CVE-2018-6229?
To fix CVE-2018-6229, update the Trend Micro Email Encryption Gateway to the latest patched version.
What is the impact of CVE-2018-6229?
The impact of CVE-2018-6229 includes the risk of unauthorized SQL commands being executed, potentially allowing an attacker to take over the system.
What versions are affected by CVE-2018-6229?
CVE-2018-6229 affects version 5.5 of the Trend Micro Email Encryption Gateway.
Can CVE-2018-6229 be exploited remotely?
Yes, CVE-2018-6229 can be exploited remotely if an attacker has access to the vulnerable edit policy script.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- agent/source
- vendor/trendmicro
- canonical/trendmicro email encryption gateway
- version/trendmicro email encryption gateway/5.5