Trend.Micro.Email.Encryption.Gateway.SQL.Injection

description-logoDescription

This indicates an attack attempt to exploit a SQL Injection vulnerability in Trend Micro Email Encryption Gateway.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling a craft HTTP request. A remote attacker can exploit this to send a crafted query to execute SQL commands on a vulnerable server.

affected-products-logoAffected Products

Trend Micro Email Encryption Gateway version 5.5 Build 1111 and below

Impact logoImpact

System Compromise: Remote attackers can access or modify data in the database of the affected application

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://success.trendmicro.com/solution/1119349

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2023-08-28 25.628 Sig Added
2023-08-01 25.612 Name:TrendMicro.
Email.
Encryption.
Gateway.
SQL.
Injection:Trend.
Micro.
Email.
Encryption.
Gateway.
SQL.
Injection
2019-10-23 14.709 Default_action:pass:drop
2019-09-25 14.694

References

1119349 44166