Symantec Messaging Gateway vulnerabilities

27 known vulnerabilities affecting symantec/messaging_gateway.

Total CVEs
27
CISA KEV
0
Public exploits
9
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH9MEDIUM13LOW1

Vulnerabilities

Page 2 of 2
CVE-2014-1648MEDIUMCVSS 4.3v10.0v10.0.1+4 more2014-04-23
CVE-2014-1648 [MEDIUM] CWE-79 CVE-2014-1648: Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter.
nvd
CVE-2012-4347MEDIUMCVSS 5.0PoCv9.5v9.5.1+3 more2012-12-05
CVE-2012-4347 [MEDIUM] CWE-22 CVE-2012-4347: Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin
nvd
CVE-2012-3580HIGHCVSS 7.7≤ 9.5.4v9.5+3 more2012-08-29
CVE-2012-3580 [HIGH] CVE-2012-3580: Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web app Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface.
nvd
CVE-2012-3579HIGHCVSS 7.9PoC≤ 9.5.4v9.5+3 more2012-08-29
CVE-2012-3579 [HIGH] CWE-264 CVE-2012-3579: Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, whic Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.
nvd
CVE-2012-0307MEDIUMCVSS 4.3≤ 9.5.4v9.5+3 more2012-08-29
CVE-2012-0307 [MEDIUM] CWE-79 CVE-2012-0307: Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content.
nvd
CVE-2012-0308MEDIUMCVSS 6.8PoC≤ 9.5.4v9.5+4 more2012-08-29
CVE-2012-0308 [MEDIUM] CWE-352 CVE-2012-0308: Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allo Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators.
nvd
CVE-2012-3581LOWCVSS 3.3≤ 9.5.4v9.5+3 more2012-08-29
CVE-2012-3581 [LOW] CWE-200 CVE-2012-3581: Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors.
nvd
← Previous2 / 2