Messaging Gateway
by Symantec
CVEs (34)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-4347 | 0.08 | — | 0.59 | Dec 5, 2012 | Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2)… | |||
| CVE-2012-3579 | 0.06 | — | 0.40 | Aug 29, 2012 | Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session. | |||
| CVE-2012-0308 | 0.03 | — | 0.02 | Aug 29, 2012 | Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators. | |||
| CVE-2024-23615 | 0.01 | — | 0.02 | Jan 25, 2024 | A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. | |||
| CVE-2024-23614 | 0.00 | — | 0.02 | Jan 25, 2024 | A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. | |||
| CVE-2019-18379 | 0.00 | — | 0.01 | Dec 11, 2019 | Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through… | |||
| CVE-2019-18378 | 0.00 | — | 0.01 | Dec 11, 2019 | Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by… | |||
| CVE-2019-18377 | 0.00 | — | 0.01 | Dec 11, 2019 | Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an… | |||
| CVE-2019-9699 | 0.00 | — | 0.00 | Oct 24, 2019 | Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | |||
| CVE-2019-12751 | 0.00 | — | 0.02 | Jul 11, 2019 | Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an… | |||
| CVE-2014-1648 | 0.00 | — | 0.02 | Apr 23, 2014 | Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter. | |||
| CVE-2012-3581 | 0.00 | — | 0.01 | Aug 29, 2012 | Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. | |||
| CVE-2012-3580 | 0.00 | — | 0.01 | Aug 29, 2012 | Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface. | |||
| CVE-2012-0307 | 0.00 | — | 0.02 | Aug 29, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content. |
- CVE-2012-4347Dec 5, 2012risk 0.08cvss —epss 0.59
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2)…
- CVE-2012-3579Aug 29, 2012risk 0.06cvss —epss 0.40
Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.
- CVE-2012-0308Aug 29, 2012risk 0.03cvss —epss 0.02
Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators.
- CVE-2024-23615Jan 25, 2024risk 0.01cvss —epss 0.02
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.
- CVE-2024-23614Jan 25, 2024risk 0.00cvss —epss 0.02
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.
- CVE-2019-18379Dec 11, 2019risk 0.00cvss —epss 0.01
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through…
- CVE-2019-18378Dec 11, 2019risk 0.00cvss —epss 0.01
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by…
- CVE-2019-18377Dec 11, 2019risk 0.00cvss —epss 0.01
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an…
- CVE-2019-9699Oct 24, 2019risk 0.00cvss —epss 0.00
Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
- CVE-2019-12751Jul 11, 2019risk 0.00cvss —epss 0.02
Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an…
- CVE-2014-1648Apr 23, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter.
- CVE-2012-3581Aug 29, 2012risk 0.00cvss —epss 0.01
Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors.
- CVE-2012-3580Aug 29, 2012risk 0.00cvss —epss 0.01
Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface.
- CVE-2012-0307Aug 29, 2012risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content.
Page 2 of 2