Vulnerability CVE-2017-15532


Published: 2017-12-20

Description:
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files.

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:A/AC:L/Au:S/C:C/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.5/10
6.9/10
5.1/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
None
None
Affected software
Symantec -> Messaging gateway 

 References:
http://www.securityfocus.com/bid/102096
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171220_00

Copyright 2024, cxsecurity.com

 

Back to Top