CVSS: 7.9EPSS: 19%CPEs: 5EXPL: 1CVE-2012-3579 – Symantec Messaging Gateway 9.5/9.5.1 - SSH Default Password Security Bypass
https://notcve.org/view.php?id=CVE-2012-3579
Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session. Symantec Messaging Gateway anterior a v10.0 tiene por defecto una contraseña para una cuenta no especificada, lo que hace más fácil para atacantes remotos obtener privilegios de acceso a través de una sesión SSH. • https://www.exploit-db.com/exploits/21136 http://packetstormsecurity.com/files/116277/Symantec-Messaging-Gateway-9.5-Default-SSH-Password.html http://www.securityfocus.com/bid/55143 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/78034 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20120827_00 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 1%CPEs: 5EXPL: 0CVE-2012-0307
https://notcve.org/view.php?id=CVE-2012-0307
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Symantec Messaging Gateway anterior a v10.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de contenido web (1) o (2) el contenido de e-mail. • http://www.securityfocus.com/bid/55138 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/78031 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 3%CPEs: 6EXPL: 1CVE-2012-0308 – Symantec Messaging Gateway 9.5.3-3 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2012-0308
Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators. Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en Symantec Messaging Gateway anterior a v10.0 permite a atacantes remotos secuestrar la autenticación de los administradores • https://www.exploit-db.com/exploits/23109 http://www.securityfocus.com/bid/55137 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 • CWE-352: Cross-Site Request Forgery (CSRF) •