CVE-2021-30651

CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

4.9MEDIUM

EPSS

0.3%

top 46.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Symantec Messaging Gateway

Timeline

PublishedJun 24

Latest updateJun 25

Description

A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶NVDbroadcom/symantec_messaging_gateway10.7 — 10.7.5

▶CVEListV5symantec_messaging_gateway_(smg)10.7

🔴Vulnerability Details

GHSA

GHSA-cm55-jg7j-pgwp: A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be auth↗2022-06-25

▶

CVEList

CVE-2021-30651: A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be auth↗2022-06-24

▶