CVE-2018-12242

CWE-287 — Improper Authentication3 documents3 sources

Severity

9.8CRITICAL

EPSS

6.1%

top 9.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Messaging Gateway Symantec Corporation Symantec Messaging Gateway

Timeline

PublishedSep 19

Latest updateMay 14

Description

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDsymantec/messaging_gateway< 10.6.6

▶CVEListV5symantec_corporation/symantec_messaging_gatewayPrior to 10.6.6

🔴Vulnerability Details

GHSA

GHSA-76r2-2w4r-76jq: The Symantec Messaging Gateway product prior to 10↗2022-05-14

▶

CVEList

CVE-2018-12242: The Symantec Messaging Gateway product prior to 10↗2018-09-19

▶