PT-2017-4187 · Symantec · Symantec Messaging Gateway
Philip Pettersson · Published 2017-08-11 · Updated 2025-03-21 · CVE-2017-6327
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Symantec Messaging Gateway versions prior to 10.6.3-267
Description
The issue is caused by insufficient input validation in the goform/formEMR30 component of the Symantec Messaging Gateway. A remote attacker can exploit it to elevate privileges or execute arbitrary code. In practice, the attacker may gain the ability to execute commands remotely on the target machine or within a target process and, after gaining access to the system, may attempt to elevate privileges.
Recommendations
For versions prior to 10.6.3-267, update to version 10.6.3-267 or later to resolve the issue. As a temporary workaround, consider restricting access to the goform/formEMR30 component to minimize the risk of exploitation.
Exploit
Fix
RCE
Command Injection
Related identifiers
Affected products
Symantec Messaging Gateway