Symantec Messaging Gateway — known CVE vulnerabilities
Every CVE whose affected-product data names Symantec Messaging Gateway, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2017-6326 — CVSS 10.0 (critical): The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may…
CVE-2018-12242 — CVSS 9.8 (critical): The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue…
CVE-2018-12243 — CVSS 8.8 (high): The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue…
CVE-2016-2204 — CVSS 8.2 (high): The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access…
CVE-2012-3579 — CVSS 7.9 (high): Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers…
CVE-2012-6277 — CVSS 7.8 (high): Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before…
CVE-2016-2203 — CVSS 7.8 (high): The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD…
CVE-2012-3580 — CVSS 7.7 (high): Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the…
CVE-2017-6324 — CVSS 7.3 (high): The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a…
CVE-2019-18379 — CVSS 7.3 (high): Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue…
CVE-2019-18377 — CVSS 7.2 (high): Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby…
CVE-2012-0308 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the…
CVE-2017-6325 — CVSS 6.6 (medium): The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found…
CVE-2016-5312 — CVSS 6.5 (medium): Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users…
CVE-2017-15532 — CVSS 5.7 (medium): Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types…
CVE-2016-5310 — CVSS 5.5 (medium): The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email…
CVE-2016-5309 — CVSS 5.5 (medium): The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email…
CVE-2022-25629 — CVSS 5.4 (medium): An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be…
CVE-2012-4347 — CVSS 5.0 (medium): Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated…
CVE-2019-18378 — CVSS 4.8 (medium): Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can…
CVE-2019-9699 — CVSS 4.5 (medium): Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that…
CVE-2012-0307 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject…
CVE-2014-1648 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec…
CVE-2012-3581 — CVSS 3.3 (low): Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions…