High severity7.8NVD Advisory· Published Apr 22, 2016· Updated May 6, 2026

CVE-2016-2203

Description

The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.

Affected products

Symantec/Messaging Gateway3 versions
cpe:2.3:a:symantec:messaging_gateway:10.6.0:patch3:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:symantec:messaging_gateway:10.6.0:patch3:*:*:*:*:*:*
- cpe:2.3:a:symantec:messaging_gateway:10.6.0:patch5:*:*:*:*:*:*
- cpe:2.3:a:symantec:messaging_gateway:10.6.0:patch7:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/136758/Symantec-Brightmail-10.6.0-7-LDAP-Credential-Grabber.htmlnvdExploitThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/86137nvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/39715/nvdExploitThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1035609nvdThird Party AdvisoryVDB Entry
www.symantec.com/security_response/securityupdates/detail.jspnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.024
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000