CVE-2012-4347

2012-12-0511:57:14

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.911

Percentile

98.9%

JSON

Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a … (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.

Affected configurations

Nvd

Node

symantecmessaging_gatewayMatch9.5

symantecmessaging_gatewayMatch9.5.1

symantecmessaging_gatewayMatch9.5.2

symantecmessaging_gatewayMatch9.5.3

symantecmessaging_gatewayMatch9.5.4

VendorProductVersionCPE
symantecmessaging_gateway9.5cpe:2.3:a:symantec:messaging_gateway:9.5:*:*:*:*:*:*:*
symantecmessaging_gateway9.5.1cpe:2.3:a:symantec:messaging_gateway:9.5.1:*:*:*:*:*:*:*
symantecmessaging_gateway9.5.2cpe:2.3:a:symantec:messaging_gateway:9.5.2:*:*:*:*:*:*:*
symantecmessaging_gateway9.5.3cpe:2.3:a:symantec:messaging_gateway:9.5.3:*:*:*:*:*:*:*
symantecmessaging_gateway9.5.4cpe:2.3:a:symantec:messaging_gateway:9.5.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	messaging_gateway	9.5	cpe:2.3:a:symantec:messaging_gateway:9.5:::::::*
symantec	messaging_gateway	9.5.1	cpe:2.3:a:symantec:messaging_gateway:9.5.1:::::::*
symantec	messaging_gateway	9.5.2	cpe:2.3:a:symantec:messaging_gateway:9.5.2:::::::*
symantec	messaging_gateway	9.5.3	cpe:2.3:a:symantec:messaging_gateway:9.5.3:::::::*
symantec	messaging_gateway	9.5.4	cpe:2.3:a:symantec:messaging_gateway:9.5.4:::::::*