CVE-2019-18379

Published: Dec 11, 2019Modified: Nov 21, 2024

7.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 3.9 / Impact: 3.4

Source: NVD

Description

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface.

Affected (1)

Products: Symantec: Messaging Gateway

1 product

Messaging Gateway

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Symantec Messaging Gateway	Before 10.7.3

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

https://support.symantec.com/us/en/article.SYMSA1501.html

Source: secure@symantec.com

Vendor Advisory

https://support.symantec.com/us/en/article.SYMSA1501.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.