High severity8.8NVD Advisory· Published Sep 19, 2018· Updated Jun 17, 2026
CVE-2018-12243
CVE-2018-12243
Description
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible.
Affected products
2- Range: <10.6.6
- Symantec Corporation/Symantec Messaging Gatewayv5Range: Prior to 10.6.6
Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/105330nvdThird Party AdvisoryVDB Entry
- support.symantec.com/en_US/article.SYMSA1461.htmlnvdMitigationVendor Advisory
News mentions
0No linked articles in our index yet.