← Voltar para CVEs
CVE-2018-12243
N/ADescricao
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado9/19/2018
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
symantec:messaging_gateway
Fraquezas (CWE)
CWE-611
Referencias
http://www.securityfocus.com/bid/105330(secure@symantec.com)
https://support.symantec.com/en_US/article.SYMSA1461.html(secure@symantec.com)
http://www.securityfocus.com/bid/105330(af854a3a-2127-422b-91ae-364da2661108)
https://support.symantec.com/en_US/article.SYMSA1461.html(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.