Messaging Gateway
Sign in to watchby Symantec
CVEs (12)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-6326 | Cri | 0.74 | 10.0 | 0.79 | Jun 26, 2017 | The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. | |
| CVE-2016-2203 | Hig | 0.56 | 7.8 | 0.30 | Apr 22, 2016 | The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. | |
| CVE-2016-2204 | Hig | 0.53 | 8.2 | 0.00 | Apr 22, 2016 | The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. | |
| CVE-2017-6324 | Hig | 0.47 | 7.3 | 0.00 | Jun 26, 2017 | The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality resident to the application. | |
| CVE-2017-6325 | Med | 0.43 | 6.6 | 0.03 | Jun 26, 2017 | The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. This file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a file inclusion vulnerability will result in remote code execution on the web server that runs the affected web application. | |
| CVE-2012-4347 | 0.09 | — | 0.70 | Dec 5, 2012 | Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do. | ||
| CVE-2012-3579 | 0.06 | — | 0.36 | Aug 29, 2012 | Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session. | ||
| CVE-2012-0308 | 0.03 | — | 0.00 | Aug 29, 2012 | Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators. | ||
| CVE-2014-1648 | 0.00 | — | 0.01 | Apr 23, 2014 | Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter. | ||
| CVE-2012-3581 | 0.00 | — | 0.00 | Aug 29, 2012 | Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. | ||
| CVE-2012-3580 | 0.00 | — | 0.01 | Aug 29, 2012 | Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface. | ||
| CVE-2012-0307 | 0.00 | — | 0.01 | Aug 29, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content. |