Skip to main content

Secure Mail Gateway

5 CVEs product

Monthly

CVE-2018-6291 MEDIUM POC This Month

WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Secure Mail Gateway
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-6290 HIGH POC This Week

Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Secure Mail Gateway
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-6289 CRITICAL POC Act Now

Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Secure Mail Gateway
NVD
CVSS 3.0
9.8
EPSS
6.7%
CVE-2018-6288 HIGH POC This Week

Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Secure Mail Gateway
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2013-6037 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in index.php in Aker Secure Mail Gateway 2.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg_id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Secure Mail Gateway
NVD VulDB
CVSS 2.0
4.3
EPSS
0.6%
EPSS 1% CVSS 6.1
MEDIUM POC This Month

WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Secure Mail Gateway
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Secure Mail Gateway
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Secure Mail Gateway
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Secure Mail Gateway
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in index.php in Aker Secure Mail Gateway 2.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg_id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Secure Mail Gateway
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy