CVE-2019-18379

7.3HIGH

Key Information

Vendor: Symantec
Status: Symantec Messaging Gateway
Vendor: CVE Published:; 11 December 2019

Summary

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface.

Affected Version(s)

Symantec Messaging Gateway = prior to 10.7.3

Refferences

https://support.symantec.com/us/en/article.SYMSA1501.html

x_refsource_MISC

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 11, 2019
Vulnerability Reserved
Oct 23, 2019

Collectors

NVD DatabaseMitre Database