Symantec Corporation Messaging Gateway vulnerabilities
6 known vulnerabilities affecting symantec_corporation/messaging_gateway.
Total CVEs
6
CISA KEV
1
actively exploited
Public exploits
3
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH3MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2017-15532MEDIUMCVSS 5.7vPrior to 10.6.42017-12-20
CVE-2017-15532 [MEDIUM] CWE-22 CVE-2017-15532: Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also know
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system includi
cvelistv5nvd
CVE-2017-6327HIGHCVSS 8.8KEVPoCvAll versions prior to version 10.6.3-2672017-08-11
CVE-2017-6327 [HIGH] CWE-77 CVE-2017-6327: The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, wh
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privil
cvelistv5nvd
CVE-2017-6328HIGHCVSS 8.8PoCvAll versions prior to version 10.6.3-2672017-08-11
CVE-2017-6328 [HIGH] CWE-352 CVE-2017-6328: The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forger
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust t
cvelistv5nvd
CVE-2017-6326CRITICALCVSS 10.0PoCvAll versions prior to version 10.6.32017-06-26
CVE-2017-6326 [CRITICAL] CVE-2017-6326: The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a si
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.
cvelistv5nvd
CVE-2017-6324HIGHCVSS 7.3vAll versions prior to version 10.6.32017-06-26
CVE-2017-6324 [HIGH] CVE-2017-6324: The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed o
The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality resident to the application.
cvelistv5nvd
CVE-2017-6325MEDIUMCVSS 6.6vAll versions prior to version 10.6.32017-06-26
CVE-2017-6325 [MEDIUM] CWE-94 CVE-2017-6325: The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vuln
The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to contr
cvelistv5nvd