Vulnerabilities > CVE-2020-12595 - Unspecified vulnerability in Broadcom Symantec Messaging Gateway 10.5/10.7/9.5

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

broadcom

NVD

Published: 2020-12-10

Updated: 2020-12-14

Summary

An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4.

Vulnerable Configurations

Part	Description	Count
Application	Broadcom Broadcom Symantec Messaging Gateway - Broadcom Symantec Messaging Gateway 9.5 Broadcom Symantec Messaging Gateway 10.5 Broadcom Symantec Messaging Gateway 10.7	4

References

https://support.broadcom.com/security-advisory/content/security-advisories/Privilege-Escalation-and-Information-Disclosure-Vulnerabilities-in-SMG/SYMSA16609