CVE-2018-6222

{"id": "CVE-2018-6222", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2018-03-15T19:29:00.737", "references": [{"url": "https://success.trendmicro.com/solution/1119349", "tags": ["Patch", "Vendor Advisory"], "source": "security@trendmicro.com"}, {"url": "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "security@trendmicro.com"}, {"url": "https://www.exploit-db.com/exploits/44166/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "security@trendmicro.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system."}, {"lang": "es", "value": "La ubicaci\u00f3n arbitraria de los logs en Trend Micro Email Encryption Gateway 5.5 podr\u00eda permitir que un atacante cambie la localizaci\u00f3n de los archivos de log y los manipule para ejecutar comandos arbitrarios en un sistema vulnerable."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:email_encryption_gateway:5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B26831D6-9D9F-4A00-9EFD-2905EFA4179F"}], "operator": "OR"}]}], "sourceIdentifier": "security@trendmicro.com"}