CVE-2019-18379Server-Side Request Forgery in Messaging Gateway

CWE-918Server-Side Request Forgery3 documents3 sources
Severity
7.3HIGHNVD
EPSS
0.9%
top 23.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Symantec Messaging GatewayBroadcom Symantec Messaging Gateway
Timeline
PublishedDec 11
Latest updateMay 24

Description

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

CVEListV5broadcom/symantec_messaging_gatewayprior to 10.7.3

🔴Vulnerability Details

2
GHSA
GHSA-593f-7j6m-g5gq: Symantec Messaging Gateway, prior to 102022-05-24
CVEList
CVE-2019-18379: Symantec Messaging Gateway, prior to 102019-12-11
CVE-2019-18379 — Server-Side Request Forgery | cvebase