CVE-2018-12243

8.8HIGH

Key Information:

Vendor: Symantec Corporation
Status: Symantec Messaging Gateway
Vendor: CVE Published:; 19 September 2018

Summary

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible.

Affected Version(s)

Symantec Messaging Gateway Prior to 10.6.6

References

https://support.symantec.com/en_US/article.SYMSA1461.html

x_refsource_CONFIRM

http://www.securityfocus.com/bid/105330

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 19, 2018
Vulnerability Reserved
Jun 12, 2018