VAR-201809-0138
Vulnerability from variot - Updated: 2023-12-18 12:56The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network. Symantec Messaging Gateway Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Symantec Messaging Gateway is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Versions prior to Messaging Gateway 10.6.6 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0138",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "messaging gateway",
"scope": "lt",
"trust": 1.8,
"vendor": "symantec",
"version": "10.6.6"
},
{
"model": "messaging gateway",
"scope": "eq",
"trust": 0.9,
"vendor": "symantec",
"version": "10.5.2"
},
{
"model": "messaging gateway",
"scope": "eq",
"trust": 0.9,
"vendor": "symantec",
"version": "10.5.1"
},
{
"model": "messaging gateway",
"scope": "eq",
"trust": 0.9,
"vendor": "symantec",
"version": "10.0.1"
},
{
"model": "messaging gateway",
"scope": "eq",
"trust": 0.9,
"vendor": "symantec",
"version": "9.5.4"
},
{
"model": "messaging gateway",
"scope": "eq",
"trust": 0.9,
"vendor": "symantec",
"version": "9.5.2"
},
{
"model": "messaging gateway",
"scope": "eq",
"trust": 0.9,
"vendor": "symantec",
"version": "9.5.1"
},
{
"model": "messaging gateway",
"scope": "eq",
"trust": 0.9,
"vendor": "symantec",
"version": "10.0.3"
},
{
"model": "messaging gateway",
"scope": "eq",
"trust": 0.9,
"vendor": "symantec",
"version": "10.0.2"
},
{
"model": "messaging gateway",
"scope": "eq",
"trust": 0.9,
"vendor": "symantec",
"version": "10.0"
},
{
"model": "messaging gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "symantec",
"version": "10.5.0"
},
{
"model": "messaging gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "10.6.3"
},
{
"model": "messaging gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "10.5"
},
{
"model": "messaging gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "9.5.3"
},
{
"model": "messaging gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "9.5"
},
{
"model": "messaging gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "10.6.5"
},
{
"model": "messaging gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "10.6.4"
},
{
"model": "messaging gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "10.6.2"
},
{
"model": "messaging gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "10.6.1"
},
{
"model": "messaging gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "10.6"
},
{
"model": "messaging gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "10.1"
},
{
"model": "messaging gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "10.6.6"
}
],
"sources": [
{
"db": "BID",
"id": "105329"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011522"
},
{
"db": "NVD",
"id": "CVE-2018-12242"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-889"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.6.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12242"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Artem Kondratenko, Arseny Sharoglazov, Alexey Osipov from Kaspersky Lab Security Services @kl_secservices",
"sources": [
{
"db": "BID",
"id": "105329"
}
],
"trust": 0.3
},
"cve": "CVE-2018-12242",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-12242",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-122182",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-12242",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-12242",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-889",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-122182",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122182"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011522"
},
{
"db": "NVD",
"id": "CVE-2018-12242"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-889"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network. Symantec Messaging Gateway Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Symantec Messaging Gateway is prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. \nVersions prior to Messaging Gateway 10.6.6 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12242"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011522"
},
{
"db": "BID",
"id": "105329"
},
{
"db": "VULHUB",
"id": "VHN-122182"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12242",
"trust": 2.8
},
{
"db": "BID",
"id": "105329",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011522",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-889",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-122182",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122182"
},
{
"db": "BID",
"id": "105329"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011522"
},
{
"db": "NVD",
"id": "CVE-2018-12242"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-889"
}
]
},
"id": "VAR-201809-0138",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-122182"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:56:49.696000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SYMSA1461",
"trust": 0.8,
"url": "https://support.symantec.com/en_us/article.symsa1461.html"
},
{
"title": "Symantec Messaging Gateway Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85008"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011522"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-889"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122182"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011522"
},
{
"db": "NVD",
"id": "CVE-2018-12242"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://support.symantec.com/en_us/article.symsa1461.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/105329"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12242"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12242"
},
{
"trust": 0.3,
"url": "http://www.symantec.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122182"
},
{
"db": "BID",
"id": "105329"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011522"
},
{
"db": "NVD",
"id": "CVE-2018-12242"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-889"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-122182"
},
{
"db": "BID",
"id": "105329"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011522"
},
{
"db": "NVD",
"id": "CVE-2018-12242"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-889"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-122182"
},
{
"date": "2018-09-19T00:00:00",
"db": "BID",
"id": "105329"
},
{
"date": "2019-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011522"
},
{
"date": "2018-09-19T15:29:19.110000",
"db": "NVD",
"id": "CVE-2018-12242"
},
{
"date": "2018-09-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-889"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-122182"
},
{
"date": "2018-09-19T00:00:00",
"db": "BID",
"id": "105329"
},
{
"date": "2019-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011522"
},
{
"date": "2018-12-08T02:28:19.473000",
"db": "NVD",
"id": "CVE-2018-12242"
},
{
"date": "2018-09-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-889"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-889"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Symantec Messaging Gateway Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011522"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-889"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…