CVE-2017-6328

8.8HIGH

Key Information:

Vendor: Symantec Corporation
Status: Messaging Gateway
Vendor: CVE Published:; 11 August 2017

Summary

The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser.

Affected Version(s)

Messaging Gateway All versions prior to version 10.6.3-267

References

http://www.securityfocus.com/bid/100136

vdb-entryx_refsource_BID

https://www.symantec.com/security_response/securityupdate...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 11, 2017
Vulnerability Reserved
Feb 26, 2017