CVE-2020-12595 — Sensitive Information Exposure in Symantec Messaging Gateway

3 documents3 sources

Severity

4.9MEDIUMNVD

EPSS

0.3%

top 46.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Symantec Messaging Gateway

Timeline

PublishedDec 10

Latest updateMay 24

Description

An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages1 packages

▶NVDbroadcom/symantec_messaging_gateway< 10.7.4

🔴Vulnerability Details

GHSA

GHSA-427q-fqw6-mhwm: An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they↗2022-05-24

▶

CVEList

CVE-2020-12595: An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they↗2020-12-10

▶