Directory Traversal Vulnerabilities in Symantec Messaging Gateway Management Console
CVE-2012-4347

Currently unrated

Key Information:

Vendor
Symantec
CVE Published:
5 December 2012

Summary

Symantec Messaging Gateway 9.5.x contains multiple directory traversal vulnerabilities in its management console that allow remote authenticated users to read arbitrary files. The issues are related to improper validation of input parameters, such as the logFile parameter in the 'brightmail/export' logs action and the localBackupFileSelection parameter in the 'brightmail/admin/restore/download.do' action. Exploitation of these vulnerabilities could lead to unauthorized information disclosure, increasing the risk of further attacks or data leaks.
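
For log review, the following added example (not part of the original advisory or vendor material) flags management console requests whose logFile or localBackupFileSelection value contains a parent-directory segment or an absolute path, including percent-encoded and double-encoded forms. The access-log layout, the file names and the sample lines are constructed assumptions, as is the premise that legitimate values are bare file names.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameters named in the CVE-2012-4347 summary.
WATCHED_PARAMS = {"logFile", "localBackupFileSelection"}
# Assumption: the request appears as "METHOD URI HTTP/x.y" (combined log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the value has a '..' path segment or is an absolute path.
    Assumption: legitimate values are bare file names."""
    norm = fully_decode(value).replace("\\", "/")
    return norm.startswith("/") or ".." in norm.split("/")

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for watched params that look like traversal."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group("uri")).query
    return [(name, fully_decode(value))
            for name, value in parse_qsl(query, keep_blank_values=True)
            if name in WATCHED_PARAMS and is_traversal(value)]

# Constructed sample lines (addresses from the documentation range, made-up file names).
SAMPLE_LOG = [
    '192.0.2.10 - admin [05/Dec/2012:10:00:00 +0000] '
    '"GET /brightmail/export?logFile=example.log HTTP/1.1" 200 5120',
    '192.0.2.44 - admin [05/Dec/2012:10:02:11 +0000] '
    '"GET /brightmail/export?logFile=..%2F..%2F..%2Fsecret.txt HTTP/1.1" 200 311',
    '192.0.2.44 - admin [05/Dec/2012:10:02:40 +0000] '
    '"GET /brightmail/admin/restore/download.do'
    '?localBackupFileSelection=%252e%252e%252fbackup.tar HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, line in enumerate(SAMPLE_LOG, start=1):
        for name, value in suspicious_params(line):
            print(f"line {number}: {name} -> {value!r}")
```

A hit with a 200 status and a response size that differs from normal exports is worth correlating with the authenticated account in the same log entry.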

EPSS Score

69% chance of being exploited in the next 30 days.
