Symantec Messaging Gateway Security Vulnerabilities and Issues — Symantec Messaging Gateway CVE List

Lucene search

BroadcomSymantec Messaging Gateway

6 matches found

CVE•added 2014/04/07 10:55 p.m.•3918 views

CVE-2014-0160

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys,...

7.5CVSS7.5AI score0.94462EPSS

CVE•added 2022/06/24 3:15 p.m.•62 views

CVE-2021-30651

A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access.

4.9CVSS5AI score0.00297EPSS

CVE•added 2020/12/10 6:15 a.m.•57 views

CVE-2020-12594

A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4.

9CVSS7.3AI score0.00534EPSS

CVE•added 2020/12/10 6:15 a.m.•52 views

CVE-2020-12595

An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4.

4.9CVSS5.4AI score0.00297EPSS

CVE•added 2024/01/26 12:15 a.m.•37 views

CVE-2024-23614

A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.

10CVSS9.8AI score0.0213EPSS

CVE•added 2024/01/26 12:15 a.m.•30 views

CVE-2024-23615

A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.

10CVSS9.8AI score0.06296EPSS