Annotation Execution Vulnerability in Broadcom Product
CVE-2022-25629

5.4MEDIUM

Key Information:

Vendor: Symantec
Status: Symantec Messaging Gateway
Vendor: CVE Published:; 9 December 2022

Summary

An authenticated user with permission to add or edit annotations may create a malicious annotation that can be executed on the annotations page, posing a significant security risk. This vulnerability allows for potential exploitation through crafted content that could affect the integrity of the application.

Affected Version(s)

Symantec Messaging Gateway All releases prior to SMG 10.8

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 9, 2022
Vulnerability Reserved
Feb 21, 2022