Path Traversal Vulnerability in Symantec Messaging Gateway
CVE-2017-15532

5.7MEDIUM

Key Information:

Vendor: Symantec Corporation
Status: Messaging Gateway
Vendor: CVE Published:; 20 December 2017

Summary

Symantec Messaging Gateway, prior to version 10.6.4, is vulnerable to a path traversal attack that allows an attacker to access files and directories outside the web root folder. By exploiting improperly handled input variables, an attacker can navigate the file system and gain unauthorized access to sensitive information, including application source code and configuration files, potentially leading to further compromise.

Affected Version(s)

Messaging Gateway Prior to 10.6.4

References

http://www.securityfocus.com/bid/102096

vdb-entryx_refsource_BID

https://www.symantec.com/security_response/securityupdate...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 20, 2017
Vulnerability Reserved
Oct 17, 2017