CVE-2012-4347

2012-12-0511:57:14

CWE-22

[email protected]

web.nvd.nist.gov

symantec messaging gateway

smg

directory traversal

remote authentication

vulnerability

security advisory

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.91 High

EPSS

Percentile

98.9%

JSON

Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a … (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.

Affected configurations

NVD

Node

symantecmessaging_gatewayMatch9.5

symantecmessaging_gatewayMatch9.5.1

symantecmessaging_gatewayMatch9.5.2

symantecmessaging_gatewayMatch9.5.3

symantecmessaging_gatewayMatch9.5.4

CPENameOperatorVersion
symantec:messaging_gatewaysymantec messaging gatewayeq9.5
symantec:messaging_gatewaysymantec messaging gatewayeq9.5.1
symantec:messaging_gatewaysymantec messaging gatewayeq9.5.2
symantec:messaging_gatewaysymantec messaging gatewayeq9.5.3
symantec:messaging_gatewaysymantec messaging gatewayeq9.5.4

CPE	Name	Operator	Version
symantec:messaging_gateway	symantec messaging gateway	eq	9.5
symantec:messaging_gateway	symantec messaging gateway	eq	9.5.1
symantec:messaging_gateway	symantec messaging gateway	eq	9.5.2
symantec:messaging_gateway	symantec messaging gateway	eq	9.5.3
symantec:messaging_gateway	symantec messaging gateway	eq	9.5.4