Information Disclosure Vulnerability in Symantec Messaging Gateway by Broadcom
CVE-2020-12595

4.9MEDIUM

Key Information:

Vendor: Broadcom
Status: Symantec Messaging Gateway (smg)
Vendor: CVE Published:; 10 December 2020

What is CVE-2020-12595?

An information disclosure vulnerability in Symantec Messaging Gateway could allow a malicious authenticated user with privileged access to retrieve sensitive passwords for a remote SCP backup server. This flaw poses significant security risks, as it may grant unauthorized access to critical backup data. It is crucial for users of versions prior to 10.7.4 to take appropriate measures to mitigate this vulnerability.

Affected Version(s)

Symantec Messaging Gateway (SMG) SMG prior to 10.7.4

References

https://support.broadcom.com/security-advisory/content/se...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2020
Vulnerability Reserved
Apr 30, 2020