Information disclosure in Symantec Messaging Gateway - CVE-2016-5312
Published: September 28, 2016 / Updated: September 14, 2018
Vulnerability identifier: #VU668
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2016-5312
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Broadcom
Affected software:
Symantec Messaging Gateway
Detailed vulnerability description
The vulnerability allows a remote authenticated user to obtain files on the target system.
The weakness exists due to an input validation flaw. By sending a specially crafted request, an attacker can cause an error in a charting component and read arbitrary files and directories.
Successful exploitation of the vulnerability may result in access to certain information on the target system.
How to mitigate CVE-2016-5312
Update to 10.6.2.