CVE-2018-6230

{"id": "CVE-2018-6230", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2018-03-15T19:29:01.220", "references": [{"url": "https://success.trendmicro.com/solution/1119349", "tags": ["Patch", "Vendor Advisory"], "source": "security@trendmicro.com"}, {"url": "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "security@trendmicro.com"}, {"url": "https://www.exploit-db.com/exploits/44166/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "security@trendmicro.com"}, {"url": "https://success.trendmicro.com/solution/1119349", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/44166/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en un script de b\u00fasqueda de configuraciones de Trend Micro Email Encryption Gateway 5.5 podr\u00eda permitir que un atacante ejecute comandos SQL para subir y ejecutar c\u00f3digo arbitrario que pudiera comprometer el sistema objetivo."}], "lastModified": "2024-11-21T04:10:20.703", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:email_encryption_gateway:5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B26831D6-9D9F-4A00-9EFD-2905EFA4179F"}], "operator": "OR"}]}], "sourceIdentifier": "security@trendmicro.com"}