Lucene search
SymantecCVE-2022-25629HistoryDec 09, 2022 - 6:15 p.m.
CVE-2022-25629
2022-12-0918:15:18
CWE-79
symantec
web.nvd.nist.gov
43
cve-2022-25629
authenticated user
privilege
annotations
malicious
execution
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5.4
Confidence
High
EPSS
0.001
Percentile
22.1%
An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column).
Affected configurations
Node
symantecmessaging_gatewayRange<10.8
| Vendor | Product | Version | CPE |
|---|---|---|---|
| symantec | messaging_gateway | * | cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "n/a",
"product": "Symantec Messaging Gateway",
"versions": [
{
"version": "All releases prior to SMG 10.8",
"status": "affected"
}
]
}
]Related
prion
prion
Code injection
2022-12-09 18:15:00
nessus
nessus
Symantec Messaging Gateway < 10.8 XSS (21115)
2023-01-04 00:00:00
nvd
nvd
CVE-2022-25629
2022-12-09 18:15:18
cvelist
cvelist
CVE-2022-25629
2022-12-09 00:00:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5.4
Confidence
High
EPSS
0.001
Percentile
22.1%
Related for CVE-2022-25629