CVE-2018-12243
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible.
El producto Symantec Messaging Gateway en versiones anteriores a la 10.6.6 puede ser susceptible a una explotación XXE (XML External Entity), que es un tipo de vulnerabilidad en el que los XML entrantes que contengan una referencia a una entidad externa son procesados por un analizador XML con una configuración débil. El ataque utiliza esquemas URI de archivos o rutas relativas en el identificador del sistema para acceder a archivos que no deberían normalmente ser accesibles.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-06-12 CVE Reserved
- 2018-09-19 CVE Published
- 2024-02-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105330 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.symantec.com/en_US/article.SYMSA1461.html | 2018-12-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Symantec Search vendor "Symantec" | Messaging Gateway Search vendor "Symantec" for product "Messaging Gateway" | < 10.6.6 Search vendor "Symantec" for product "Messaging Gateway" and version " < 10.6.6" | - |
Affected
| ||||||