Skip to main content

Messaging Gateway

24 CVEs product

Monthly

CVE-2022-25630 MEDIUM POC This Month

An authenticated user can embed malicious content with XSS into the admin group policy page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Messaging Gateway
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
1.5%
CVE-2022-25629 MEDIUM This Month

An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Messaging Gateway
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2019-18379 HIGH This Week

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Messaging Gateway
NVD
CVSS 3.1
7.3
EPSS
1.1%
CVE-2019-18378 MEDIUM This Month

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Messaging Gateway
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2019-18377 HIGH This Week

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Messaging Gateway
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2019-9699 MEDIUM This Month

Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Messaging Gateway
NVD
CVSS 3.1
4.5
EPSS
0.5%
CVE-2018-12243 HIGH This Week

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Messaging Gateway
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-12242 CRITICAL Act Now

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Messaging Gateway
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2017-15532 MEDIUM This Month

Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Messaging Gateway
NVD
CVSS 3.0
5.7
EPSS
0.7%
CVE-2017-6326 CRITICAL POC THREAT Emergency

The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 79.1%.

RCE Messaging Gateway
NVD Exploit-DB
CVSS 3.0
10.0
EPSS
79.1%
Threat
5.9
CVE-2017-6325 MEDIUM This Month

The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Messaging Gateway
NVD
CVSS 3.0
6.6
EPSS
3.4%
CVE-2017-6324 HIGH This Week

The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Messaging Gateway
NVD
CVSS 3.0
7.3
EPSS
0.5%
CVE-2016-5312 MEDIUM POC THREAT This Month

Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 40.0%.

Path Traversal Messaging Gateway
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
40.0%
Threat
4.0
CVE-2016-5310 MEDIUM POC This Month

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Microsoft Denial Of Service Symantec Data Center Security Server +14
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
8.0%
CVE-2016-5309 MEDIUM POC This Month

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Information Disclosure Symantec Data Center Security Server +14
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
8.0%
CVE-2016-2204 HIGH This Week

The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Messaging Gateway
NVD
CVSS 3.0
8.2
EPSS
0.2%
CVE-2016-2203 HIGH POC THREAT Act Now

The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 29.6%.

Authentication Bypass Messaging Gateway
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
29.6%
CVE-2014-1648 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Messaging Gateway
NVD VulDB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-4347 MEDIUM POC THREAT This Month

Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 69.7%.

Path Traversal Messaging Gateway
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
69.7%
Threat
4.6
CVE-2012-3581 LOW Monitor

Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Messaging Gateway
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2012-3580 HIGH This Week

Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Messaging Gateway
NVD
CVSS 2.0
7.7
EPSS
0.9%
CVE-2012-3579 HIGH POC THREAT Act Now

Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session. Rated high severity (CVSS 7.9). Public exploit code available and EPSS exploitation probability 36.4%.

Privilege Escalation Messaging Gateway
NVD Exploit-DB
CVSS 2.0
7.9
EPSS
36.4%
Threat
4.2
CVE-2012-0308 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Messaging Gateway
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-0307 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Messaging Gateway
NVD
CVSS 2.0
4.3
EPSS
0.6%
EPSS 1% CVSS 5.4
MEDIUM POC This Month

An authenticated user can embed malicious content with XSS into the admin group policy page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Messaging Gateway
NVD Exploit-DB
EPSS 0% CVSS 5.4
MEDIUM This Month

An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Messaging Gateway
NVD
EPSS 1% CVSS 7.3
HIGH This Week

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Messaging Gateway
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Messaging Gateway
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Messaging Gateway
NVD
EPSS 0% CVSS 4.5
MEDIUM This Month

Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Messaging Gateway
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Messaging Gateway
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Messaging Gateway
NVD
EPSS 1% CVSS 5.7
MEDIUM This Month

Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Messaging Gateway
NVD
EPSS 79% 5.9 CVSS 10.0
CRITICAL POC THREAT Emergency

The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 79.1%.

RCE Messaging Gateway
NVD Exploit-DB
EPSS 3% CVSS 6.6
MEDIUM This Month

The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Messaging Gateway
NVD
EPSS 0% CVSS 7.3
HIGH This Week

The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Messaging Gateway
NVD
EPSS 40% 4.0 CVSS 6.5
MEDIUM POC THREAT This Month

Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 40.0%.

Path Traversal Messaging Gateway
NVD Exploit-DB
EPSS 8% CVSS 5.5
MEDIUM POC This Month

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Microsoft +16
NVD Exploit-DB
EPSS 8% CVSS 5.5
MEDIUM POC This Month

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft +16
NVD Exploit-DB
EPSS 0% CVSS 8.2
HIGH This Week

The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Messaging Gateway
NVD
EPSS 30% CVSS 7.8
HIGH POC THREAT Act Now

The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 29.6%.

Authentication Bypass Messaging Gateway
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Messaging Gateway
NVD VulDB
EPSS 70% 4.6 CVSS 5.0
MEDIUM POC THREAT This Month

Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 69.7%.

Path Traversal Messaging Gateway
NVD Exploit-DB
EPSS 0% CVSS 3.3
LOW Monitor

Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Messaging Gateway
NVD
EPSS 1% CVSS 7.7
HIGH This Week

Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Messaging Gateway
NVD
EPSS 36% 4.2 CVSS 7.9
HIGH POC THREAT Act Now

Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session. Rated high severity (CVSS 7.9). Public exploit code available and EPSS exploitation probability 36.4%.

Privilege Escalation Messaging Gateway
NVD Exploit-DB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Messaging Gateway
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Messaging Gateway
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy