Search criteria
75 vulnerabilities found for messaging_gateway by symantec
FKIE_CVE-2022-25629
Vulnerability from fkie_nvd - Published: 2022-12-09 18:15 - Updated: 2025-04-23 15:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | messaging_gateway | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7EFB65-430E-46B6-95D1-0786D8704F7B",
"versionEndExcluding": "10.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column)."
},
{
"lang": "es",
"value": "Un usuario autenticado que tiene el privilegio de agregar/editar anotaciones en la pesta\u00f1a Contenido puede crear una anotaci\u00f3n maliciosa que se puede ejecutar en la p\u00e1gina de anotaciones (columna de texto de anotaci\u00f3n)."
}
],
"id": "CVE-2022-25629",
"lastModified": "2025-04-23T15:15:47.400",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-09T18:15:18.017",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21115"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-25630
Vulnerability from fkie_nvd - Published: 2022-12-09 18:15 - Updated: 2025-04-23 15:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
An authenticated user can embed malicious content with XSS into the admin group policy page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | messaging_gateway | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7EFB65-430E-46B6-95D1-0786D8704F7B",
"versionEndExcluding": "10.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated user can embed malicious content with XSS into the admin group policy page."
},
{
"lang": "es",
"value": "Un usuario autenticado puede incrustar contenido malicioso con XSS en la p\u00e1gina de pol\u00edtica del grupo de administraci\u00f3n."
}
],
"id": "CVE-2022-25630",
"lastModified": "2025-04-23T15:15:47.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-09T18:15:18.270",
"references": [
{
"source": "secure@symantec.com",
"url": "http://packetstormsecurity.com/files/171781/Symantec-Messaging-Gateway-10.7.4-Cross-Site-Scripting.html"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/171781/Symantec-Messaging-Gateway-10.7.4-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21117"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2012-6277
Vulnerability from fkie_nvd - Published: 2020-02-21 17:15 - Updated: 2024-11-21 01:45
Severity ?
Summary
Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FE05C15-E8B6-440F-BFB5-4A1CA7D3B382",
"versionEndIncluding": "8.5.3.6",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8FF0B4-21A9-414D-938A-B27D6EF8350E",
"versionEndIncluding": "8.5.3",
"versionStartIncluding": "8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:data_loss_prevention_endpoint:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B17C35B-5DF5-42CF-B97E-FB2D24747603",
"versionEndExcluding": "11.6.1",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_loss_prevention_enforce\\/detection_servers:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "32914759-628E-4F6E-8ADA-291F4F80FF62",
"versionEndExcluding": "11.6.1",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_loss_prevention_enforce\\/detection_servers:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "056E5F20-0573-45E8-80A2-F1B5516500EF",
"versionEndExcluding": "11.6.1",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:*:*:*:*:*:microsoft_exchange:*:*",
"matchCriteriaId": "05E1DA05-2A64-4B66-9C3A-42407BAE35F4",
"versionEndIncluding": "6.5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:*:*:*:*:*:domino:*:*",
"matchCriteriaId": "741E89BC-A1F6-4385-B5FC-8541E9C71BB8",
"versionEndIncluding": "8.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:6.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B40695CA-A51A-4383-9E99-5FBC1AD8F6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A7C81B-DA0B-4A32-98ED-9D3A26CB3A49",
"versionEndExcluding": "10.0.1",
"versionStartIncluding": "9.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:autonomy_keyview_idol:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D21A9CB-B944-4087-A20F-5DBDDB43E6D1",
"versionEndExcluding": "10.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to \"a number of underlying issues\" in which \"some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code.\""
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en Autonomy KeyView IDOL versiones anteriores a 10.16, como es usado en Symantec Mail Security para Microsoft Exchange versiones anteriores a 6.5.8, Symantec Mail Security para Domino versiones anteriores a 8.1.1, Symantec Messaging Gateway versiones anteriores a 10.0.1, Symantec Data Loss Prevention (DLP) versiones anteriores a 11.6.1, IBM Notes versiones 8.5.x, IBM Lotus Domino versiones 8.5.x anteriores a 8.5.3 FP4, y otros productos, permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) por medio de un archivo dise\u00f1ado, relacionado con \"una serie de problemas subyacentes\" en los que \"algunos de estos casos demostraron corrupci\u00f3n de la memoria con una entrada controlada por el atacante y podr\u00edan ser explotados para ejecutar c\u00f3digo arbitrario\"."
}
],
"id": "CVE-2012-6277",
"lastModified": "2024-11-21T01:45:58.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-21T17:15:10.883",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/us/en/article.symsa1262.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=27482"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/849841/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/56610"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/plugins/nessus/67192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/us/en/article.symsa1262.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=27482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/849841/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/56610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/plugins/nessus/67192"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-18377
Vulnerability from fkie_nvd - Published: 2019-12-11 16:15 - Updated: 2024-11-21 04:33
Severity ?
Summary
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | messaging_gateway | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94BBF772-4B09-4EFE-A2DE-5FCE36A6CA41",
"versionEndExcluding": "10.7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
},
{
"lang": "es",
"value": "Symantec Messaging Gateway, versiones anteriores a 10.7.3, puede ser susceptible a una vulnerabilidad de escalada de privilegios, que es un tipo de problema mediante el cual un atacante puede intentar comprometer la aplicaci\u00f3n de software para conseguir un acceso elevado a recursos que normalmente est\u00e1n protegidos de una aplicaci\u00f3n o un usuario."
}
],
"id": "CVE-2019-18377",
"lastModified": "2024-11-21T04:33:09.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-11T16:15:11.540",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-18378
Vulnerability from fkie_nvd - Published: 2019-12-11 16:15 - Updated: 2024-11-21 04:33
Severity ?
Summary
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | messaging_gateway | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94BBF772-4B09-4EFE-A2DE-5FCE36A6CA41",
"versionEndExcluding": "10.7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy."
},
{
"lang": "es",
"value": "Symantec Messaging Gateway, versiones anteriores a 10.7.3, puede ser susceptible a una explotaci\u00f3n de tipo cross-site scripting (XSS), el cual es un tipo de problema que puede permitir a atacantes inyectar scripts del lado del cliente en p\u00e1ginas web vistas por otros usuarios. Los atacantes pueden utilizar una vulnerabilidad de tipo cross-site scripting para omitir los controles de acceso, tal y como la pol\u00edtica del mismo origen."
}
],
"id": "CVE-2019-18378",
"lastModified": "2024-11-21T04:33:09.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-11T16:15:11.650",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-18379
Vulnerability from fkie_nvd - Published: 2019-12-11 16:15 - Updated: 2024-11-21 04:33
Severity ?
Summary
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | messaging_gateway | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94BBF772-4B09-4EFE-A2DE-5FCE36A6CA41",
"versionEndExcluding": "10.7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface."
},
{
"lang": "es",
"value": "Symantec Messaging Gateway, versiones anteriores a 10.7.3, puede ser susceptible a una explotaci\u00f3n de tipo server-side request forgery (SSRF), que es un tipo de problema que puede permitir a un atacante enviar peticiones creadas desde el servidor backend de una aplicaci\u00f3n web vulnerable o un acceso a servicios disponible por medio de la interfaz loopback."
}
],
"id": "CVE-2019-18379",
"lastModified": "2024-11-21T04:33:10.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-11T16:15:11.747",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-9699
Vulnerability from fkie_nvd - Published: 2019-10-24 16:15 - Updated: 2024-11-21 04:52
Severity ?
Summary
Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | messaging_gateway | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57AF6945-1FA7-44E5-862A-E3814408AB3F",
"versionEndExcluding": "10.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data."
},
{
"lang": "es",
"value": "Symantec Messaging Gateway (anterior a versi\u00f3n 10.7.0) puede ser susceptible a un problema de divulgaci\u00f3n de informaci\u00f3n, que es un tipo de vulnerabilidad que podr\u00eda permitir potencialmente el acceso no autorizado a los datos."
}
],
"id": "CVE-2019-9699",
"lastModified": "2024-11-21T04:52:07.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-24T16:15:21.097",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1482.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1482.html"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-12243
Vulnerability from fkie_nvd - Published: 2018-09-19 15:29 - Updated: 2024-11-21 03:44
Severity ?
Summary
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible.
References
| URL | Tags | ||
|---|---|---|---|
| secure@symantec.com | http://www.securityfocus.com/bid/105330 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | https://support.symantec.com/en_US/article.SYMSA1461.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105330 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.symantec.com/en_US/article.SYMSA1461.html | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | messaging_gateway | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D25EDB76-F75D-4C5E-9122-EB4F520D569D",
"versionEndExcluding": "10.6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible."
},
{
"lang": "es",
"value": "El producto Symantec Messaging Gateway en versiones anteriores a la 10.6.6 puede ser susceptible a una explotaci\u00f3n XXE (XML External Entity), que es un tipo de vulnerabilidad en el que los XML entrantes que contengan una referencia a una entidad externa son procesados por un analizador XML con una configuraci\u00f3n d\u00e9bil. El ataque utiliza esquemas URI de archivos o rutas relativas en el identificador del sistema para acceder a archivos que no deber\u00edan normalmente ser accesibles."
}
],
"id": "CVE-2018-12243",
"lastModified": "2024-11-21T03:44:50.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-19T15:29:19.217",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105330"
},
{
"source": "secure@symantec.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1461.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1461.html"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-12242
Vulnerability from fkie_nvd - Published: 2018-09-19 15:29 - Updated: 2024-11-21 03:44
Severity ?
Summary
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.
References
| URL | Tags | ||
|---|---|---|---|
| secure@symantec.com | http://www.securityfocus.com/bid/105329 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | https://support.symantec.com/en_US/article.SYMSA1461.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105329 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.symantec.com/en_US/article.SYMSA1461.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | messaging_gateway | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D25EDB76-F75D-4C5E-9122-EB4F520D569D",
"versionEndExcluding": "10.6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network."
},
{
"lang": "es",
"value": "El producto Symantec Messaging Gateway en versiones anteriores a la 10.6.6 puede ser susceptible a una explotaci\u00f3n de omisi\u00f3n de autenticaci\u00f3n, que es un tipo de vulnerabilidad que puede permitir a los atacantes omitir los mecanismos de seguridad actuales y obtener acceso al sistema o red."
}
],
"id": "CVE-2018-12242",
"lastModified": "2024-11-21T03:44:50.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-19T15:29:19.110",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105329"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1461.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1461.html"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-15532
Vulnerability from fkie_nvd - Published: 2017-12-20 18:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | messaging_gateway | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E12A8B76-E165-4E00-AA9F-856AD83C38AA",
"versionEndExcluding": "10.6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files."
},
{
"lang": "es",
"value": "En versiones anteriores a la 10.6.4, Symantec Messaging Gateway podr\u00eda ser susceptible a un ataque de salto de ruta (tambi\u00e9n conocido como salto de directorio). Este tipo de ataque intenta acceder a archivos y directorios que est\u00e1n almacenados fuera de la carpeta web root. Al manipular variables, ser\u00eda posible acceder a archivos y directorios arbitrarios almacenados en el sistema de archivos, incluyendo el c\u00f3digo fuente de la aplicaci\u00f3n o archivos cr\u00edticos o de configuraci\u00f3n del sistema."
}
],
"id": "CVE-2017-15532",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-20T18:29:00.950",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102096"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171220_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171220_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-25629 (GCVE-0-2022-25629)
Vulnerability from cvelistv5 – Published: 2022-12-09 00:00 – Updated: 2025-04-23 14:21
VLAI?
Summary
An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column).
Severity ?
5.4 (Medium)
CWE
- Stored XSS Vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Symantec Messaging Gateway |
Affected:
All releases prior to SMG 10.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:42:50.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21115"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-25629",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:21:02.178287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:21:33.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Symantec Messaging Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All releases prior to SMG 10.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored XSS Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-24T00:00:00.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21115"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2022-25629",
"datePublished": "2022-12-09T00:00:00.000Z",
"dateReserved": "2022-02-21T00:00:00.000Z",
"dateUpdated": "2025-04-23T14:21:33.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25630 (GCVE-0-2022-25630)
Vulnerability from cvelistv5 – Published: 2022-12-09 00:00 – Updated: 2025-04-23 14:20
VLAI?
Summary
An authenticated user can embed malicious content with XSS into the admin group policy page.
Severity ?
5.4 (Medium)
CWE
- Stored XSS Vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Symantec Messaging Gateway |
Affected:
All releases prior to SMG 10.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:42:50.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21117"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171781/Symantec-Messaging-Gateway-10.7.4-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-25630",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:17:32.121255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:20:36.514Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Symantec Messaging Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All releases prior to SMG 10.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authenticated user can embed malicious content with XSS into the admin group policy page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored XSS Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-10T00:00:00.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21117"
},
{
"url": "http://packetstormsecurity.com/files/171781/Symantec-Messaging-Gateway-10.7.4-Cross-Site-Scripting.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2022-25630",
"datePublished": "2022-12-09T00:00:00.000Z",
"dateReserved": "2022-02-21T00:00:00.000Z",
"dateUpdated": "2025-04-23T14:20:36.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6277 (GCVE-0-2012-6277)
Vulnerability from cvelistv5 – Published: 2020-02-21 16:50 – Updated: 2024-08-06 21:28
VLAI?
Summary
Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code."
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autonomy KeyView IDOL |
Affected:
before 10.16
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.symsa1262.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/849841/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/plugins/nessus/67192"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=27482"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/56610"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autonomy KeyView IDOL",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before 10.16"
}
]
}
],
"datePublic": "2012-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to \"a number of underlying issues\" in which \"some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-21T16:50:17",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.symantec.com/us/en/article.symsa1262.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/849841/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/plugins/nessus/67192"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=27482"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/56610"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-6277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autonomy KeyView IDOL",
"version": {
"version_data": [
{
"version_value": "before 10.16"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to \"a number of underlying issues\" in which \"some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.symsa1262.html",
"refsource": "MISC",
"url": "https://support.symantec.com/us/en/article.symsa1262.html"
},
{
"name": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/",
"refsource": "MISC",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/"
},
{
"name": "https://www.kb.cert.org/vuls/id/849841/",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/849841/"
},
{
"name": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277",
"refsource": "MISC",
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277"
},
{
"name": "https://www.tenable.com/plugins/nessus/67192",
"refsource": "MISC",
"url": "https://www.tenable.com/plugins/nessus/67192"
},
{
"name": "https://tools.cisco.com/security/center/viewAlert.x?alertId=27482",
"refsource": "MISC",
"url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=27482"
},
{
"name": "https://www.securityfocus.com/bid/56610",
"refsource": "MISC",
"url": "https://www.securityfocus.com/bid/56610"
},
{
"name": "https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-6277",
"datePublished": "2020-02-21T16:50:17",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18379 (GCVE-0-2019-18379)
Vulnerability from cvelistv5 – Published: 2019-12-11 15:49 – Updated: 2024-08-05 01:54
VLAI?
Summary
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface.
Severity ?
No CVSS data available.
CWE
- SSRF
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Symantec Messaging Gateway |
Affected:
prior to 10.7.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Messaging Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 10.7.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-11T15:49:28",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-18379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Messaging Gateway",
"version": {
"version_data": [
{
"version_value": "prior to 10.7.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1501.html",
"refsource": "MISC",
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-18379",
"datePublished": "2019-12-11T15:49:28",
"dateReserved": "2019-10-23T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18378 (GCVE-0-2019-18378)
Vulnerability from cvelistv5 – Published: 2019-12-11 15:49 – Updated: 2024-08-05 01:54
VLAI?
Summary
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.
Severity ?
No CVSS data available.
CWE
- XSS
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Symantec Messaging Gateway |
Affected:
prior to 10.7.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:13.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Messaging Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 10.7.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-11T15:49:17",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-18378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Messaging Gateway",
"version": {
"version_data": [
{
"version_value": "prior to 10.7.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1501.html",
"refsource": "MISC",
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-18378",
"datePublished": "2019-12-11T15:49:17",
"dateReserved": "2019-10-23T00:00:00",
"dateUpdated": "2024-08-05T01:54:13.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18377 (GCVE-0-2019-18377)
Vulnerability from cvelistv5 – Published: 2019-12-11 15:49 – Updated: 2024-08-05 01:54
VLAI?
Summary
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
Severity ?
No CVSS data available.
CWE
- Privilege Escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Symantec Messaging Gateway |
Affected:
prior to 10.7.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Messaging Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 10.7.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-11T15:49:05",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-18377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Messaging Gateway",
"version": {
"version_data": [
{
"version_value": "prior to 10.7.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1501.html",
"refsource": "MISC",
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-18377",
"datePublished": "2019-12-11T15:49:05",
"dateReserved": "2019-10-23T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9699 (GCVE-0-2019-9699)
Vulnerability from cvelistv5 – Published: 2019-10-24 15:32 – Updated: 2024-08-04 21:54
VLAI?
Summary
Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec | Symantec Messaging Gateway |
Affected:
Prior to 10.7.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:45.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1482.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Messaging Gateway",
"vendor": "Symantec",
"versions": [
{
"status": "affected",
"version": "Prior to 10.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-24T15:32:19",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1482.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-9699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Messaging Gateway",
"version": {
"version_data": [
{
"version_value": "Prior to 10.7.0"
}
]
}
}
]
},
"vendor_name": "Symantec"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1482.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1482.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-9699",
"datePublished": "2019-10-24T15:32:19",
"dateReserved": "2019-03-11T00:00:00",
"dateUpdated": "2024-08-04T21:54:45.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12242 (GCVE-0-2018-12242)
Vulnerability from cvelistv5 – Published: 2018-09-19 15:00 – Updated: 2024-09-16 18:55
VLAI?
Summary
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.
Severity ?
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Symantec Messaging Gateway |
Affected:
Prior to 10.6.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1461.html"
},
{
"name": "105329",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105329"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Messaging Gateway",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 10.6.6"
}
]
}
],
"datePublic": "2018-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-20T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1461.html"
},
{
"name": "105329",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105329"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-09-12T00:00:00",
"ID": "CVE-2018-12242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Messaging Gateway",
"version": {
"version_data": [
{
"version_value": "Prior to 10.6.6"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1461.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1461.html"
},
{
"name": "105329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105329"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-12242",
"datePublished": "2018-09-19T15:00:00Z",
"dateReserved": "2018-06-12T00:00:00",
"dateUpdated": "2024-09-16T18:55:16.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12243 (GCVE-0-2018-12243)
Vulnerability from cvelistv5 – Published: 2018-09-19 15:00 – Updated: 2024-09-16 20:21
VLAI?
Summary
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible.
Severity ?
No CVSS data available.
CWE
- XXE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Symantec Messaging Gateway |
Affected:
Prior to 10.6.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1461.html"
},
{
"name": "105330",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105330"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Messaging Gateway",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 10.6.6"
}
]
}
],
"datePublic": "2018-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XXE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-20T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1461.html"
},
{
"name": "105330",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105330"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-09-12T00:00:00",
"ID": "CVE-2018-12243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Messaging Gateway",
"version": {
"version_data": [
{
"version_value": "Prior to 10.6.6"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XXE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1461.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1461.html"
},
{
"name": "105330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105330"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-12243",
"datePublished": "2018-09-19T15:00:00Z",
"dateReserved": "2018-06-12T00:00:00",
"dateUpdated": "2024-09-16T20:21:44.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15532 (GCVE-0-2017-15532)
Vulnerability from cvelistv5 – Published: 2017-12-20 18:00 – Updated: 2024-09-16 16:58
VLAI?
Summary
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files.
Severity ?
No CVSS data available.
CWE
- Directory traversal
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Messaging Gateway |
Affected:
Prior to 10.6.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:26.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102096",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102096"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171220_00"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Messaging Gateway",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 10.6.4"
}
]
}
],
"datePublic": "2017-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-21T10:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "102096",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102096"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171220_00"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2017-12-20T00:00:00",
"ID": "CVE-2017-15532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Messaging Gateway",
"version": {
"version_data": [
{
"version_value": "Prior to 10.6.4"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102096",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102096"
},
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171220_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171220_00"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2017-15532",
"datePublished": "2017-12-20T18:00:00Z",
"dateReserved": "2017-10-17T00:00:00",
"dateUpdated": "2024-09-16T16:58:19.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25629 (GCVE-0-2022-25629)
Vulnerability from nvd – Published: 2022-12-09 00:00 – Updated: 2025-04-23 14:21
VLAI?
Summary
An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column).
Severity ?
5.4 (Medium)
CWE
- Stored XSS Vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Symantec Messaging Gateway |
Affected:
All releases prior to SMG 10.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:42:50.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21115"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-25629",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:21:02.178287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:21:33.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Symantec Messaging Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All releases prior to SMG 10.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored XSS Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-24T00:00:00.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21115"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2022-25629",
"datePublished": "2022-12-09T00:00:00.000Z",
"dateReserved": "2022-02-21T00:00:00.000Z",
"dateUpdated": "2025-04-23T14:21:33.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25630 (GCVE-0-2022-25630)
Vulnerability from nvd – Published: 2022-12-09 00:00 – Updated: 2025-04-23 14:20
VLAI?
Summary
An authenticated user can embed malicious content with XSS into the admin group policy page.
Severity ?
5.4 (Medium)
CWE
- Stored XSS Vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Symantec Messaging Gateway |
Affected:
All releases prior to SMG 10.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:42:50.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21117"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171781/Symantec-Messaging-Gateway-10.7.4-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-25630",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:17:32.121255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:20:36.514Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Symantec Messaging Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All releases prior to SMG 10.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authenticated user can embed malicious content with XSS into the admin group policy page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored XSS Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-10T00:00:00.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21117"
},
{
"url": "http://packetstormsecurity.com/files/171781/Symantec-Messaging-Gateway-10.7.4-Cross-Site-Scripting.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2022-25630",
"datePublished": "2022-12-09T00:00:00.000Z",
"dateReserved": "2022-02-21T00:00:00.000Z",
"dateUpdated": "2025-04-23T14:20:36.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6277 (GCVE-0-2012-6277)
Vulnerability from nvd – Published: 2020-02-21 16:50 – Updated: 2024-08-06 21:28
VLAI?
Summary
Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code."
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autonomy KeyView IDOL |
Affected:
before 10.16
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.symsa1262.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/849841/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/plugins/nessus/67192"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=27482"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/56610"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autonomy KeyView IDOL",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before 10.16"
}
]
}
],
"datePublic": "2012-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to \"a number of underlying issues\" in which \"some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-21T16:50:17",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.symantec.com/us/en/article.symsa1262.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/849841/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/plugins/nessus/67192"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=27482"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/56610"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-6277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autonomy KeyView IDOL",
"version": {
"version_data": [
{
"version_value": "before 10.16"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to \"a number of underlying issues\" in which \"some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.symsa1262.html",
"refsource": "MISC",
"url": "https://support.symantec.com/us/en/article.symsa1262.html"
},
{
"name": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/",
"refsource": "MISC",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/"
},
{
"name": "https://www.kb.cert.org/vuls/id/849841/",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/849841/"
},
{
"name": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277",
"refsource": "MISC",
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277"
},
{
"name": "https://www.tenable.com/plugins/nessus/67192",
"refsource": "MISC",
"url": "https://www.tenable.com/plugins/nessus/67192"
},
{
"name": "https://tools.cisco.com/security/center/viewAlert.x?alertId=27482",
"refsource": "MISC",
"url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=27482"
},
{
"name": "https://www.securityfocus.com/bid/56610",
"refsource": "MISC",
"url": "https://www.securityfocus.com/bid/56610"
},
{
"name": "https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-6277",
"datePublished": "2020-02-21T16:50:17",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18379 (GCVE-0-2019-18379)
Vulnerability from nvd – Published: 2019-12-11 15:49 – Updated: 2024-08-05 01:54
VLAI?
Summary
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface.
Severity ?
No CVSS data available.
CWE
- SSRF
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Symantec Messaging Gateway |
Affected:
prior to 10.7.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Messaging Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 10.7.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-11T15:49:28",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-18379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Messaging Gateway",
"version": {
"version_data": [
{
"version_value": "prior to 10.7.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1501.html",
"refsource": "MISC",
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-18379",
"datePublished": "2019-12-11T15:49:28",
"dateReserved": "2019-10-23T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18378 (GCVE-0-2019-18378)
Vulnerability from nvd – Published: 2019-12-11 15:49 – Updated: 2024-08-05 01:54
VLAI?
Summary
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.
Severity ?
No CVSS data available.
CWE
- XSS
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Symantec Messaging Gateway |
Affected:
prior to 10.7.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:13.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Messaging Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 10.7.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-11T15:49:17",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-18378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Messaging Gateway",
"version": {
"version_data": [
{
"version_value": "prior to 10.7.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1501.html",
"refsource": "MISC",
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-18378",
"datePublished": "2019-12-11T15:49:17",
"dateReserved": "2019-10-23T00:00:00",
"dateUpdated": "2024-08-05T01:54:13.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18377 (GCVE-0-2019-18377)
Vulnerability from nvd – Published: 2019-12-11 15:49 – Updated: 2024-08-05 01:54
VLAI?
Summary
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
Severity ?
No CVSS data available.
CWE
- Privilege Escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Symantec Messaging Gateway |
Affected:
prior to 10.7.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Messaging Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 10.7.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-11T15:49:05",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-18377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Messaging Gateway",
"version": {
"version_data": [
{
"version_value": "prior to 10.7.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1501.html",
"refsource": "MISC",
"url": "https://support.symantec.com/us/en/article.SYMSA1501.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-18377",
"datePublished": "2019-12-11T15:49:05",
"dateReserved": "2019-10-23T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9699 (GCVE-0-2019-9699)
Vulnerability from nvd – Published: 2019-10-24 15:32 – Updated: 2024-08-04 21:54
VLAI?
Summary
Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec | Symantec Messaging Gateway |
Affected:
Prior to 10.7.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:45.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1482.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Messaging Gateway",
"vendor": "Symantec",
"versions": [
{
"status": "affected",
"version": "Prior to 10.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-24T15:32:19",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1482.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-9699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Messaging Gateway",
"version": {
"version_data": [
{
"version_value": "Prior to 10.7.0"
}
]
}
}
]
},
"vendor_name": "Symantec"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1482.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1482.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-9699",
"datePublished": "2019-10-24T15:32:19",
"dateReserved": "2019-03-11T00:00:00",
"dateUpdated": "2024-08-04T21:54:45.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12242 (GCVE-0-2018-12242)
Vulnerability from nvd – Published: 2018-09-19 15:00 – Updated: 2024-09-16 18:55
VLAI?
Summary
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.
Severity ?
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Symantec Messaging Gateway |
Affected:
Prior to 10.6.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1461.html"
},
{
"name": "105329",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105329"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Messaging Gateway",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 10.6.6"
}
]
}
],
"datePublic": "2018-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-20T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1461.html"
},
{
"name": "105329",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105329"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-09-12T00:00:00",
"ID": "CVE-2018-12242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Messaging Gateway",
"version": {
"version_data": [
{
"version_value": "Prior to 10.6.6"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1461.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1461.html"
},
{
"name": "105329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105329"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-12242",
"datePublished": "2018-09-19T15:00:00Z",
"dateReserved": "2018-06-12T00:00:00",
"dateUpdated": "2024-09-16T18:55:16.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12243 (GCVE-0-2018-12243)
Vulnerability from nvd – Published: 2018-09-19 15:00 – Updated: 2024-09-16 20:21
VLAI?
Summary
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible.
Severity ?
No CVSS data available.
CWE
- XXE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Symantec Messaging Gateway |
Affected:
Prior to 10.6.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1461.html"
},
{
"name": "105330",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105330"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Messaging Gateway",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 10.6.6"
}
]
}
],
"datePublic": "2018-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XXE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-20T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1461.html"
},
{
"name": "105330",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105330"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-09-12T00:00:00",
"ID": "CVE-2018-12243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Messaging Gateway",
"version": {
"version_data": [
{
"version_value": "Prior to 10.6.6"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XXE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1461.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1461.html"
},
{
"name": "105330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105330"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-12243",
"datePublished": "2018-09-19T15:00:00Z",
"dateReserved": "2018-06-12T00:00:00",
"dateUpdated": "2024-09-16T20:21:44.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15532 (GCVE-0-2017-15532)
Vulnerability from nvd – Published: 2017-12-20 18:00 – Updated: 2024-09-16 16:58
VLAI?
Summary
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files.
Severity ?
No CVSS data available.
CWE
- Directory traversal
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Messaging Gateway |
Affected:
Prior to 10.6.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:26.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102096",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102096"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171220_00"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Messaging Gateway",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 10.6.4"
}
]
}
],
"datePublic": "2017-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-21T10:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "102096",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102096"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171220_00"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2017-12-20T00:00:00",
"ID": "CVE-2017-15532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Messaging Gateway",
"version": {
"version_data": [
{
"version_value": "Prior to 10.6.4"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102096",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102096"
},
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171220_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20171220_00"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2017-15532",
"datePublished": "2017-12-20T18:00:00Z",
"dateReserved": "2017-10-17T00:00:00",
"dateUpdated": "2024-09-16T16:58:19.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}