Lucene search
K
KasperskySecure Mail Gateway

4 matches found

CVE
CVE
added 2018/02/06 3:0 p.m.64 views

CVE-2018-6288

Kaspersky Secure Mail Gateway 1.1.0.379 Web Management Console has multiple CSRF/CONFIG injection flaws described by CORE-2017-0010: CVE-2018-6288 enables admin takeover via missing anti-CSRF tokens; CVE-2018-6289 injects Postfix config to run commands as root; CVE-2018-6290 uses a setuid binary ...

8.8CVSS8.9AI score0.00653EPSS
CVE
CVE
added 2018/02/06 3:0 p.m.48 views

CVE-2018-6289

Kaspersky Secure Mail Gateway 1.1.0.379 has a Web Management Console vulnerability (CVE-2018-6289) that allows configuration-file injection into /etc/postfix/main.cf, enabling arbitrary commands to execute as root. The Core Security advisory CORE-2017-0010 details that adding a crafted BCC addres...

10CVSS9.6AI score0.06723EPSS
CVE
CVE
added 2018/02/06 3:0 p.m.47 views

CVE-2018-6291

Kaspersky Secure Mail Gateway 1.1.0.379 web management console contains multiple vulnerabilities described in CORE-2017-0010, including CVE-2018-6291 (Reflected XSS in importSettings callback) and related CVEs (CVE-2018-6288/6289/6290) enabling CSRF, remote command execution as root via crafted s...

6.1CVSS6.4AI score0.00863EPSS
CVE
CVE
added 2018/02/06 3:0 p.m.42 views

CVE-2018-6290

CVE-2018-6290 is a local privilege escalation in Kaspersky Secure Mail Gateway 1.1.0.379 where a setuid root binary at /opt/kaspersky/klms-appliance/libexec/upgrade/upgrade_launcher can be abused by a kluser to run a malicious Python script, elevating privileges to root. The Core Security advisor...

7.8CVSS8.2AI score0.0049EPSS