Vulnerabilities > Symantec > Messaging Gateway > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-21 | CVE-2012-6277 | Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code." | 7.8 |
2019-12-11 | CVE-2019-18379 | Server-Side Request Forgery (SSRF) vulnerability in Symantec Messaging Gateway Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface. | 7.3 |
2019-12-11 | CVE-2019-18377 | Unspecified vulnerability in Symantec Messaging Gateway Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.2 |
2018-09-19 | CVE-2018-12243 | XXE vulnerability in Symantec Messaging Gateway The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. | 8.8 |
2017-06-26 | CVE-2017-6324 | Unspecified vulnerability in Symantec Messaging Gateway The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. | 7.3 |
2016-04-22 | CVE-2016-2204 | Injection vulnerability in Symantec Messaging Gateway 10.6.0 The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. | 8.2 |
2016-04-22 | CVE-2016-2203 | Credentials Management vulnerability in Symantec Messaging Gateway 10.6.0 The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. | 7.8 |