CVE-2018-6221

Description

An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own.

Affected products

• Trend Micro / Trend Micro Email Encryption Gateway5.5 – 5.5

References

• EXPLOIThttps://www.exploit-db.com/exploits/44166/
• MISChttps://success.trendmicro.com/solution/1119349
• VENDOR_ADVISORYhttps://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities