Lucene search

Messaging Gateway Security Vulnerabilities - 2012

cve

CVE-2012-0307

Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content.

5.8AI Score

0.01EPSS

2012-08-29 10:56 AM

cve

CVE-2012-0308

Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators.

7AI Score

0.036EPSS

2012-08-29 10:56 AM

cve

CVE-2012-3579

Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.

6.6AI Score

0.19EPSS

2012-08-29 10:56 AM

cve

CVE-2012-3580

Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface.

6.4AI Score

0.001EPSS

2012-08-29 10:56 AM

cve

CVE-2012-3581

Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors.

6.3AI Score

0.002EPSS

2012-08-29 10:56 AM

cve

CVE-2012-4347

Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter i...

6.5AI Score

0.911EPSS

2012-12-05 11:57 AM