CVE-2018-6224

Description

A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain.

Affected products

• Trend Micro / Trend Micro Email Encryption Gateway5.5 – 5.5

References

• EXPLOIThttps://www.exploit-db.com/exploits/44166/
• MISChttps://success.trendmicro.com/solution/1119349
• VENDOR_ADVISORYhttps://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities