PT-2018-11072 · Symantec · Symantec Messaging Gateway

Alexey Osipov

Published

2018-09-19

Updated

2018-12-08

CVE-2018-12243

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Symantec Messaging Gateway versions prior to 10.6.6

Description The issue is related to a XML external entity (XXE) exploit. This type of issue occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser, allowing access to files that should not normally be accessible through file URI schemes or relative paths in the system identifier.

Recommendations For versions prior to 10.6.6, update to version 10.6.6 or later to resolve the issue.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2018-12243

Affected Products

Symantec Messaging Gateway

PT-2018-11072 · Symantec · Symantec Messaging Gateway

CVE-2018-12243

Weakness Enumeration

Related Identifiers

Affected Products

References · 4