Symantec: >> Messaging Gateway Security Vulnerabilities
Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.
CVSS Score
7.9
EPSS Score
0.364
Published
2012-08-29
Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface.
CVSS Score
7.7
EPSS Score
0.009
Published
2012-08-29
Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors.
CVSS Score
3.3
EPSS Score
0.002
Published
2012-08-29
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content.
CVSS Score
4.3
EPSS Score
0.006
Published
2012-08-29
Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators.
CVSS Score
6.8
EPSS Score
0.002
Published
2012-08-29
Page 3