VYPR

Messaging Gateway

by Symantec

CVEs (34)

  • CVE-2012-4347Dec 5, 2012
    risk 0.08cvss epss 0.59

    Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2)…

  • CVE-2012-3579Aug 29, 2012
    risk 0.06cvss epss 0.40

    Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.

  • CVE-2012-0308Aug 29, 2012
    risk 0.03cvss epss 0.02

    Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators.

  • CVE-2024-23615Jan 25, 2024
    risk 0.01cvss epss 0.02

    A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.

  • CVE-2024-23614Jan 25, 2024
    risk 0.00cvss epss 0.02

    A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.

  • CVE-2019-18379Dec 11, 2019
    risk 0.00cvss epss 0.01

    Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through…

  • CVE-2019-18378Dec 11, 2019
    risk 0.00cvss epss 0.01

    Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by…

  • CVE-2019-18377Dec 11, 2019
    risk 0.00cvss epss 0.01

    Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an…

  • CVE-2019-9699Oct 24, 2019
    risk 0.00cvss epss 0.00

    Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.

  • CVE-2019-12751Jul 11, 2019
    risk 0.00cvss epss 0.02

    Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an…

  • CVE-2014-1648Apr 23, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter.

  • CVE-2012-3581Aug 29, 2012
    risk 0.00cvss epss 0.01

    Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors.

  • CVE-2012-3580Aug 29, 2012
    risk 0.00cvss epss 0.01

    Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface.

  • CVE-2012-0307Aug 29, 2012
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content.

Page 2 of 2