#VU668 Information disclosure in Symantec Messaging Gateway - CVE-2016-5312
Published: September 28, 2016 / Updated: September 14, 2018
Vulnerability identifier: #VU668
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2016-5312
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Symantec Messaging Gateway
Software vendor:
Broadcom
Description
The vulnerability allows a remote authenticated user to obtain files on the target system.
The weakness exists due to an input validation flaw. By sending a specially crafted request, attackers can cause an error in a charting component and read arbitrary files and directories.
Successful exploitation of the vulnerability may result in access to certain information on the target system.
Remediation
Update to 10.6.2.