Directory Traversal Vulnerabilities in Symantec Messaging Gateway Management Console
CVE-2012-4347
Currently unrated
What is CVE-2012-4347?
The Symantec Messaging Gateway 9.5.x contains multiple directory traversal vulnerabilities in its management console, enabling remote authenticated users to access and read arbitrary files. These issues are related to the improper validation of input parameters, such as the logFile parameter in the 'brightmail/export' logs action and the localBackupFileSelection parameter in the 'brightmail/admin/restore/download.do' action. Exploitation of these vulnerabilities could lead to unauthorized information disclosure, increasing the risk of further attacks or data leaks.