Symantec has released an update to address an issue that was discovered in the Symantec Messaging Gateway (SMG) product.
Symantec Messaging Gateway (SMG)
CVE
|
Affected Version(s)
|
Remediation
CVE-2019-9699
|
Prior to 10.7.0
|
Upgrade to 10.7.0
CVE-2019-9699
Severity/CVSSv3:
|
Medium / 5.7 AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
References:
Impact:
|
Security Focus: BID 108303 / NVD: CVE-2019-9699
Information Disclosure
Description:
|
Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
The issue was validated by product team engineers. A Symantec Messaging Gateway update, version 10.7.0, has been made available. To determine what version of SMG you are using, please refer to the version number indicated on the login screen of the application. Note that the latest releases of Symantec Messaging Gateway are available to customers through normal support channels. At this time, Symantec is not aware of any exploitations or adverse customer impact from these issues.
Symantec recommends the following measures to reduce risk of attack:
CPE | Name | Operator | Version |
---|---|---|---|
symantec messaging gateway (smg) | eq | 1 |