Arseny Sharoglazov

**Name of the Vulnerable Software and Affected Versions** Symantec Messaging Gateway versions prior to 10.6.6 **Description** The issue is related to an authentication bypass exploit, which can allow attackers to potentially circumvent security mechanisms and gain access to the system or network. **Recommendations** For versions prior to 10.6.6, update to version 10.6.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Symantec Messaging Gateway versions prior to 10.6.6 **Description** The issue is related to a XML external entity (XXE) exploit. This type of issue occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser, allowing access to files that should not normally be accessible through file URI schemes or relative paths in the system identifier. **Recommendations** For versions prior to 10.6.6, update to version 10.6.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Dell EMC iDRAC6 versions prior to 2.91 Dell EMC iDRAC6 Modular all versions **Description** The web-based diagnostics console contains a command injection issue. A remote authenticated malicious user with access to the diagnostics console could potentially exploit this to execute arbitrary commands as root on the affected system. **Recommendations** For versions prior to 2.91, update to version 2.91 or later to resolve the issue. For Modular versions, at the moment, there is no information about a newer version that contains a fix for this issue.