Cross Site Request Forgery Vulnerability in Symantec Messaging Gateway
CVE-2017-6328

8.8HIGH

Key Information:

Vendor: Symantec Corporation
Status: Messaging Gateway
Vendor: CVE Published:; 11 August 2017

🔔 Create Symantec Corporation Vulnerability Alert

What is CVE-2017-6328?

The Symantec Messaging Gateway prior to version 10.6.3-267 is susceptible to a cross site request forgery vulnerability. This issue arises when unauthorized commands are sent from a user's trusted browser, potentially allowing attackers to perform unintended actions on behalf of legitimate users. By exploiting this vulnerability, malicious actors can manipulate web application behavior, posing a significant risk to the security and integrity of the affected systems.

Affected Version(s)

Messaging Gateway All versions prior to version 10.6.3-267

References

http://www.securityfocus.com/bid/100136

vdb-entryx_refsource_BID

https://www.symantec.com/security_response/securityupdate...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 11, 2017
Vulnerability Reserved
Feb 26, 2017