CVE-2017-6325

CWE-94 — Code Injection3 documents3 sources

Severity

6.6MEDIUM

EPSS

3.4%

top 12.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Messaging Gateway Symantec Corporation Messaging Gateway

Timeline

PublishedJun 26

Latest updateMay 17

Description

The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. This file inclusion vulnerability subverts how an application loads code for execution. Successful exploita…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.7 | Impact: 5.9

Affected Packages2 packages

▶NVDsymantec/messaging_gateway10.6.2

▶CVEListV5symantec_corporation/messaging_gatewayAll versions prior to version 10.6.3

🔴Vulnerability Details

GHSA

GHSA-5p9r-p6jh-jxvh: The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect we↗2022-05-17

▶

CVEList

CVE-2017-6325: The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect we↗2017-06-26

▶