Symantec Messaging Gateway vulnerabilities
27 known vulnerabilities affecting symantec/messaging_gateway.
Total CVEs: 27
CISA KEV: 0
Public exploits: 9
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 9, MEDIUM 13, LOW 1
Vulnerabilities
Page 1 of 2
CVE-2024-23614 | CRITICAL | CVSS 9.8 | CWE-119 | ≤ 9.5 | 2024-01-26
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.
cvelistv5, nvd
CVE-2024-23615 | CRITICAL | CVSS 9.8 | CWE-119 | ≤ 10.5 | 2024-01-26
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.
cvelistv5, nvd
CVE-2022-25629 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 10.8 | 2022-12-09
An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column).
nvd
CVE-2022-25630 | MEDIUM | CVSS 5.4 | CWE-79 | PoC | fixed in 10.8 | 2022-12-09
An authenticated user can embed malicious content with XSS into the admin group policy page.
nvd
CVE-2012-6277 | HIGH | CVSS 7.8 | ≥ 9.5, < 10.0.1 | 2020-02-21
Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other product
nvd
CVE-2019-18379 | HIGH | CVSS 7.3 | CWE-918 | fixed in 10.7.3 | 2019-12-11
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface.
nvd
CVE-2019-18377 | HIGH | CVSS 7.2 | fixed in 10.7.3 | 2019-12-11
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
nvd
CVE-2019-18378 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 10.7.3 | 2019-12-11
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin poli
nvd
CVE-2019-9699 | MEDIUM | CVSS 4.5 | fixed in 10.7.0 | 2019-10-24
Symantec Messaging Gateway (prior to 10.7.0) may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
nvd
CVE-2018-12242 | CRITICAL | CVSS 9.8 | CWE-287 | fixed in 10.6.6 | 2018-09-19
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.
nvd
CVE-2018-12243 | HIGH | CVSS 8.8 | CWE-611 | fixed in 10.6.6 | 2018-09-19
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should n
nvd
CVE-2017-15532 | MEDIUM | CVSS 5.7 | CWE-22 | fixed in 10.6.4 | 2017-12-20
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system includi
nvd
CVE-2017-6326 | CRITICAL | CVSS 10.0 | PoC | ≤ 10.6.3 | 2017-06-26
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.
nvd
CVE-2017-6324 | HIGH | CVSS 7.3 | ≤ 10.6.2 | 2017-06-26
The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality resident to the application.
nvd
CVE-2017-6325 | MEDIUM | CVSS 6.6 | CWE-94 | ≤ 10.6.2 | 2017-06-26
The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to contr
nvd
CVE-2016-5309 | MEDIUM | CVSS 5.5 | CWE-125 | PoC | ≤ 10.6.1 | 2017-04-14
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 1
nvd
CVE-2016-5312 | MEDIUM | CVSS 6.5 | CWE-22 | PoC | ≤ 10.6.1 | 2017-04-14
Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream.
nvd
CVE-2016-5310 | MEDIUM | CVSS 5.5 | CWE-787 | PoC | ≤ 10.6.1 | 2017-04-14
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 1
nvd
CVE-2016-2203 | HIGH | CVSS 7.8 | CWE-255 | PoC | v10.6.0 | 2016-04-22
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.
nvd
CVE-2016-2204 | HIGH | CVSS 8.2 | CWE-74 | ≤ 10.6.0 | v10.6.0 | 2016-04-22
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input.
nvd