CVE-2012-4347

Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:symantec:messaging_gateway:9.5:*:*:*:*:*:*:*
cpe:2.3:a:symantec:messaging_gateway:9.5.1:*:*:*:*:*:*:*
cpe:2.3:a:symantec:messaging_gateway:9.5.2:*:*:*:*:*:*:*
cpe:2.3:a:symantec:messaging_gateway:9.5.3:*:*:*:*:*:*:*
cpe:2.3:a:symantec:messaging_gateway:9.5.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-12-05 11:57

Updated : 2024-02-28 12:00


NVD link : CVE-2012-4347

Mitre link : CVE-2012-4347

CVE.ORG link : CVE-2012-4347


JSON object : View

Products Affected

symantec

  • messaging_gateway
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')