Vulnerabilities > Symantec > Messaging Gateway

DATE CVE VULNERABILITY TITLE RISK
2022-12-09 CVE-2022-25629 Cross-site Scripting vulnerability in Symantec Messaging Gateway
An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column).
network
low complexity
symantec CWE-79
5.4
2022-12-09 CVE-2022-25630 Cross-site Scripting vulnerability in Symantec Messaging Gateway
An authenticated user can embed malicious content with XSS into the admin group policy page.
network
low complexity
symantec CWE-79
5.4
2020-02-21 CVE-2012-6277 Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code."
network
ibm symantec hp
critical
9.3
2019-12-11 CVE-2019-18379 Server-Side Request Forgery (SSRF) vulnerability in Symantec Messaging Gateway
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface.
network
low complexity
symantec CWE-918
7.5
2019-12-11 CVE-2019-18378 Cross-site Scripting vulnerability in Symantec Messaging Gateway
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users.
network
symantec CWE-79
3.5
2019-12-11 CVE-2019-18377 Unspecified vulnerability in Symantec Messaging Gateway
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
network
low complexity
symantec
6.5
2019-10-24 CVE-2019-9699 Information Exposure vulnerability in Symantec Messaging Gateway
Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
low complexity
symantec CWE-200
2.7
2018-09-19 CVE-2018-12243 XXE vulnerability in Symantec Messaging Gateway
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser.
low complexity
symantec CWE-611
5.8
2018-09-19 CVE-2018-12242 Improper Authentication vulnerability in Symantec Messaging Gateway
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.
network
low complexity
symantec CWE-287
7.5
2017-12-20 CVE-2017-15532 Path Traversal vulnerability in Symantec Messaging Gateway
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal).
low complexity
symantec CWE-22
5.5