Symantec has released an update to address one issue in the Symantec Messaging Gateway product.
Symantec Messaging Gateway (SMG)
CVE | Affected Version(s) | Remediation |
---|---|---|
CVE-2017-15532 | Prior to 10.6.4 | Upgrade to 10.6.4 |
CVE-2017-15532
Severity/CVSSv3: Medium / 5.7 AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References: Securityfocus: BID 102096 / NVD: CVE-2017-15532
Impact: Directory traversal
Description:
Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files.
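The containment check that closes the class of issue described above, shown beside the unchecked join that causes it. This is an added example, not Symantec's code; the function names, directory layout and request values are constructed for illustration, and POSIX paths are assumed.

```python
import os
import tempfile
from urllib.parse import unquote

def resolve_naive(web_root, requested):
    """Vulnerable pattern: joins the request value to the root with no containment check."""
    return os.path.normpath(os.path.join(web_root, requested))

def resolve_contained(web_root, requested):
    """Return the real path of `requested` under `web_root`, or None if it escapes the root."""
    root = os.path.realpath(web_root)
    decoded = unquote(requested)  # decode once, as the web layer would
    # An absolute value would replace the root in os.path.join(); NUL bytes are never valid.
    if "\x00" in decoded or os.path.isabs(decoded):
        return None
    # realpath collapses ".." and follows symlinks, so the comparison is made
    # on the location that would actually be opened, not on the string supplied.
    candidate = os.path.realpath(os.path.join(root, decoded))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

def demo():
    """Build a constructed web root and report which request values stay inside it."""
    base = tempfile.mkdtemp()
    web_root = os.path.join(base, "webroot")
    os.makedirs(os.path.join(web_root, "help"))
    open(os.path.join(web_root, "help", "index.html"), "w").close()
    open(os.path.join(base, "app.conf"), "w").close()  # lives outside the web root
    os.symlink(base, os.path.join(web_root, "up"))     # symlink that leads out of the root
    samples = [
        "help/index.html",      # legitimate request
        "../app.conf",          # plain traversal
        "help/../../app.conf",  # traversal behind a valid prefix
        "%2e%2e/app.conf",      # percent-encoded traversal
        "/etc/passwd",          # absolute path
        "up/app.conf",          # escapes through the symlink
    ]
    return web_root, {s: resolve_contained(web_root, s) is not None for s in samples}

if __name__ == "__main__":
    root, results = demo()
    print("naive join yields:", resolve_naive(root, "../app.conf"))
    for value, allowed in results.items():
        print(f"{value!r:26} -> {'served' if allowed else 'rejected'}")
```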
This issue was validated by the product team engineers. A Symantec Messaging Gateway update, version 10.6.4, has been released which addresses the aforementioned issue. Note that the latest Symantec Messaging Gateway release and patches are available to customers through normal support channels. At this time, Symantec is not aware of any exploitations or adverse customer impact from this issue.
Symantec recommends the following measures to reduce risk of attack:
CPE | Name | Operator | Version |
---|---|---|---|
 | symantec messaging gateway (smg) | eq | 1 |