Symantec Messaging Gateway
31 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2024-23615
<= 10.5
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can ex
10.0
CRITICAL
CVE-2024-23614
<= 9.5
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exp
10.0
CRITICAL
CVE-2022-25630
< 10.8
An authenticated user can embed malicious content with XSS into the admin group policy page.
5.4
MEDIUM
CVE-2022-25629
< 10.8
An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can
5.4
MEDIUM
CVE-2021-30651
>= 10.7 and < 10.7.5
A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might n
4.9
MEDIUM
CVE-2020-12595
< 10.7.4
An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP bac
4.9
MEDIUM
CVE-2020-12594
< 10.7.4
A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and
7.2
HIGH
CVE-2012-6277
>= 9.5 and < 10.0.1
Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchan
7.8
HIGH
CVE-2019-18379
< 10.7.3
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type o
7.3
HIGH
CVE-2019-18378
< 10.7.3
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue
4.8
MEDIUM
CVE-2019-18377
< 10.7.3
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue
7.2
HIGH
CVE-2019-9699
< 10.7.0
Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerabil
4.5
MEDIUM
CVE-2018-12243
< 10.6.6
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type
8.8
HIGH
CVE-2018-12242
< 10.6.6
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of
9.8
CRITICAL
CVE-2017-15532
< 10.6.4
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). The
5.7
MEDIUM
CVE-2017-6326
<= 10.6.3
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual
10.0
CRITICAL
CVE-2017-6325
<= 10.6.2
The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonl
6.6
MEDIUM
CVE-2017-6324
<= 10.6.2
The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a p
7.3
HIGH
CVE-2016-5312
<= 10.6.1
Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticate
6.5
MEDIUM
CVE-2016-5310
<= 10.6.1
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec E
5.5
MEDIUM
CVE-2016-5309
<= 10.6.1
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec E
5.5
MEDIUM
CVE-2016-2204
<= 10.6.0
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell
8.2
HIGH
CVE-2016-2203
all versions
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encry
7.8
HIGH
CVE-2014-1648
all versions
Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Sym
CVE-2014-0160
all versions
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which
7.5
HIGH
CVE-2012-4347
all versions
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote auth
CVE-2012-3581
<= 9.5.4
Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component v
CVE-2012-3580
<= 9.5.4
Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access
CVE-2012-3579
<= 9.5.4
Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote a
CVE-2012-0308
<= 9.5.4
Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack
CVE-2012-0307
<= 9.5.4
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inje
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin