Lucene search
K
SymantecMessaging Gateway

25 matches found

CVE
CVE
added 2020/02/21 4:50 p.m.151 views

CVE-2012-6277

CVE-2012-6277 concerns multiple vulnerabilities in Autonomy KeyView IDOL libraries used by IBM Notes/Domino, Symantec messaging/security products, and others. The issue arises from underlying memory-corruption flaws in KeyView IDOL, triggered by processing crafted input files, potentially enablin...

9.3CVSS8.1AI score0.08119EPSS
CVE
CVE
added 2017/06/26 9:0 p.m.90 views

CVE-2017-6326

CVE-2017-6326 affects Symantec Messaging Gateway. A command injection vulnerability allows an authenticated user to execute arbitrary OS commands on the web server (root context) via the backupNow.do flow due to insufficient input validation. Affected: SMG 10.x before 10.6.3-266 (per SYM17-004). ...

10CVSS9.6AI score0.72759EPSS
Web
CVE
CVE
added 2019/10/24 3:32 p.m.89 views

CVE-2019-9699

CVE-2019-9699 affects Symantec Messaging Gateway (SMG) 10.x prior to 10.7.0. The issue is an information-disclosure vulnerability that could allow unauthorized data access. Remediation is to upgrade to SMG version 10.7.0 (per vendor advisories). Several connected sources confirm the affected prod...

4.5CVSS4.4AI score0.00483EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.77 views

CVE-2012-0308

Summary (CVE-2012-0308): Symantec Messaging Gateway (SMG) prior to version 10.0 is vulnerable to a Cross-Site Request Forgery (CSRF) that can hijack the authentication of administrators. The issue stems from insufficient input validation, enabling a remote attacker to entice a logged-in admin to ...

6.8CVSS7AI score0.01923EPSS
CVE
CVE
added 2022/12/09 12:0 a.m.74 views

CVE-2022-25629

CVE-2022-25629 affects Broadcom Symantec Messaging Gateway (SMG) prior to version 10.8. An authenticated user with the ability to add/edit annotations on the Content tab can craft a malicious annotation that is executed on the annotations page (Annotation Text Column). The vulnerability is descri...

5.4CVSS5.4AI score0.00382EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.72 views

CVE-2012-3579

Symantec Messaging Gateway (SMG) versions before 10.0 are vulnerable to CVE-2012-3579 due to a hardcoded default SSH password on the support account, enabling remote login and privileged access via SSH. The issue is documented across multiple sources (SAINT advisories and OpenVAS/Nessus reference...

7.9CVSS6.6AI score0.40211EPSS
CVE
CVE
added 2022/12/09 12:0 a.m.69 views

CVE-2022-25630

Broadcom Symantec Messaging Gateway is affected by CVE-2022-25630, a stored XSS vulnerability exploitable by an authenticated user on the admin group policy page. Public details describe an authenticated user injecting payloads via the AdminGroupPolicyFlow$save.flo endpoint, with the issue enabli...

5.4CVSS5.1AI score0.01489EPSS
Web
CVE
CVE
added 2017/04/14 6:0 p.m.68 views

CVE-2016-5312

CVE-2016-5312 affects Symantec Messaging Gateway prior to 10.6.2. A directory traversal vulnerability exists in the charting component’s ChartStream sn parameter, allowing authenticated remote users to read arbitrary files by supplying a .. sequence. Multiple connected sources describe a file-dis...

6.5CVSS6AI score0.53702EPSS
Web
CVE
CVE
added 2016/04/22 6:0 p.m.67 views

CVE-2016-2203

CVE-2016-2203 affects Symantec Messaging Gateway (SMG) Appliance prior to 10.6.1. The management console stores or exposes an encrypted AD password in a way that allows a local attacker with read privileges to recover the LDAP credentials. Impact: local disclosure of AD password with high confide...

7.8CVSS7.5AI score0.0706EPSS
Web
CVE
CVE
added 2014/04/23 10:0 a.m.63 views

CVE-2014-1648

CVE-2014-1648 is a reflected XSS in Symantec Messaging Gateway 10.x prior to 10.5.2. The vulnerability resides in the management console’s brightmail/setting/compliance/DlpConnectFlow$view.flo component, exploitable via the displayTab parameter to inject arbitrary script/HTML in a user’s browser....

4.3CVSS5.7AI score0.02088EPSS
Web
CVE
CVE
added 2017/04/14 6:0 p.m.63 views

CVE-2016-5309

CVE-2016-5309 is a DoS in the RAR file parser of Symantec’s decomposer engines across multiple products (ATP/NS/SEPs/SPE/SMG family). The root cause is an out-of-bounds read during RAR decompression, allowing remote attackers to crash affected applications via specially crafted RAR files. A close...

5.5CVSS5.1AI score0.06877EPSS
CVE
CVE
added 2017/04/14 6:0 p.m.63 views

CVE-2016-5310

CVE-2016-5310 covers a denial-of-service memory-corruption issue in the RAR file parser/decompressor across Symantec products (ATP, various SEP variants, SPE, SMSG, SMSDOM, SPSS, SMSMSE, SEPC, SEPC, etc.). The root cause is mishandling of crafted RAR archives in the decompression path, leading to...

5.5CVSS5.1AI score0.05307EPSS
CVE
CVE
added 2017/06/26 9:0 p.m.62 views

CVE-2017-6325

CVE-2017-6325 refers to a file inclusion vulnerability in Symantec Messaging Gateway . The authenticated, remote attacker can exploit a flaw in how the application builds a path to executable code using attacker-controlled input, allowing inclusion of arbitrary files already present on the host, ...

6.6CVSS8.1AI score0.02503EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.60 views

CVE-2012-3580

Symantec Messaging Gateway (SMG) prior to version 10.0 is affected by CVE-2012-3580, where remote authenticated users who have access to the management interface can modify the web application. The root cause is described as a web application modification issue that can be exploited by an authent...

7.7CVSS6.4AI score0.01126EPSS
CVE
CVE
added 2017/12/20 6:0 p.m.60 views

CVE-2017-15532

CVE-2017-15532 affects Symantec Messaging Gateway prior to version 10.6.4, exposing a directory traversal flaw in the product’s handling of input that allows access to files outside the web root. The root cause is an improper validation/manipulation of variables used in file operations within the...

5.7CVSS5.7AI score0.01372EPSS
CVE
CVE
added 2019/12/11 3:49 p.m.58 views

CVE-2019-18377

Symantec Messaging Gateway (SMG) versions prior to 10.7.3 are affected by a privilege-escalation vulnerability (CVE-2019-18377). The issue allows an attacker to gain elevated access within the affected SMG deployment. References from multiple sources (including Symantec’s advisory and CNVD/Red Ha...

7.2CVSS7.4AI score0.01402EPSS
CVE
CVE
added 2018/09/19 3:0 p.m.56 views

CVE-2018-12243

Symantec Messaging Gateway (SMG) versions prior to 10.6.6 are vulnerable to an XML external entity (XXE) flaw (CVE-2018-12243). The issue arises from a weakly configured XML parser that can process XML input containing external entity references, enabling access to files via file:// URIs or relat...

8.8CVSS8.9AI score0.00767EPSS
CVE
CVE
added 2012/12/05 11:0 a.m.55 views

CVE-2012-4347

Symantec Messaging Gateway (SMG) 9.5.x exposes multiple directory traversal vulnerabilities in its management console. The issues allow remote authenticated users to read arbitrary files by manipulating the logFile parameter (logs action to brightmail/export) or the localBackupFileSelection param...

5CVSS6.5AI score0.5883EPSS
Web
CVE
CVE
added 2017/06/26 9:0 p.m.55 views

CVE-2017-6324

Summary of CVE-2017-6324 (Symantec Messaging Gateway) : A security feature bypass vulnerability exists in SMG when handling a specific Word attachment with macros, allowing bypass of the administrator-enabled disarm functionality. This is documented by multiple sources (NVD entry and vendor/Nessu...

7.5CVSS8.3AI score0.01303EPSS
CVE
CVE
added 2019/12/11 3:49 p.m.55 views

CVE-2019-18378

Symantec Messaging Gateway (SMG) versions prior to 10.7.3 are affected by CVE-2019-18378, a cross-site scripting (XSS) vulnerability caused by improper sanitization of user-supplied input. An unauthenticated attacker could entice a user to click a crafted URL to execute arbitrary script in the vi...

4.8CVSS5.5AI score0.00727EPSS
CVE
CVE
added 2019/12/11 3:49 p.m.55 views

CVE-2019-18379

CVE-2019-18379 affects Symantec Messaging Gateway (SMG) versions prior to 10.7.3. The issue is a server-side request forgery (SSRF) that could allow the backend server to send crafted requests or access services via the loopback interface. Impact is described as enabling unauthorized internal req...

7.5CVSS7.1AI score0.01118EPSS
CVE
CVE
added 2018/09/19 3:0 p.m.54 views

CVE-2018-12242

CVE-2018-12242 affects Symantec Messaging Gateway prior to version 10.6.6, enabling an authentication bypass that could let an attacker circumvent security controls and gain access to the system or network. Public sources in the provided documents corroborate an authentication bypass for SMG befo...

9.8CVSS9.7AI score0.02951EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.51 views

CVE-2012-0307

CVE-2012-0307 affects Symantec Messaging Gateway (SMG) prior to version 10.0. The vulnerability class is multiple cross-site scripting (XSS) issues, allowing remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content. The public references describe XSS in th...

4.3CVSS5.8AI score0.0197EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.48 views

CVE-2012-3581

Symantec Messaging Gateway (SMG) before 10.0 suffers an Information Disclosure vulnerability (CVE-2012-3581) that allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. Exploitation status is not detailed in the provided documents. Re...

3.3CVSS6.3AI score0.00636EPSS
CVE
CVE
added 2016/04/22 6:0 p.m.48 views

CVE-2016-2204

Consolidated details for CVE-2016-2204 (and related CVE-2016-2203) in Symantec Messaging Gateway (SMG) Appliance: The SMG 10.x management console before 10.6.1 is affected by local privilege escalation. Specifically, CVE-2016-2204 allows a local attacker to gain a root shell in the console by man...

8.2CVSS7.8AI score0.00667EPSS