Pgp Universal Server
Monthly
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.2%.
The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly manage sessions that include key search requests, which might allow remote attackers to read a private key in opportunistic. Rated low severity (CVSS 2.9). No vendor patch available.
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.2%.
The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly manage sessions that include key search requests, which might allow remote attackers to read a private key in opportunistic. Rated low severity (CVSS 2.9). No vendor patch available.