PT-2018-11072 · Symantec · Symantec Messaging Gateway

Alexey Osipov

Publicado

2018-09-19

Atualizado

2018-12-08

CVE-2018-12243

CVSS v3.1

8.8

Alta

Vetor

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Symantec Messaging Gateway versions prior to 10.6.6

Description The issue is related to a XML external entity (XXE) exploit. This type of issue occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser, allowing access to files that should not normally be accessible through file URI schemes or relative paths in the system identifier.

Recommendations For versions prior to 10.6.6, update to version 10.6.6 or later to resolve the issue.

Correção

XXE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-611

Identificadores relacionados

CVE-2018-12243

Produtos afetados

Symantec Messaging Gateway

PT-2018-11072 · Symantec · Symantec Messaging Gateway

CVE-2018-12243

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4