CVE-2018-12243 - XXE vulnerability in Symantec Messaging Gateway
Attack vector: ADJACENT_NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an XML external entity (XXE) exploit, a type of issue in which XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | CGI abuses |
NASL id | SYMANTEC_MESSAGING_GATEWAY_SYMSA1461.NASL |
description | According to its self-reported version number, the Symantec Messaging Gateway (SMG) running on the remote host is 10.x prior to 10.6.6. It is, therefore, affected by multiple vulnerabilities as described in the vendor advisory. Note that Nessus has not tested for these issues but has instead relied only on the application |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 117614 |
published | 2018-09-20 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/117614 |
title | Symantec Messaging Gateway 10.x < 10.6.6 Multiple Vulnerabilities (SYMSA1461) |