GCVE - cpe:2.3:a:symantec_corporation:messaging

Approved changes feed: RSS · Atom

cpe:2.3:a:symantec_corporation:messaging_gateway:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Symantec Corporation (`1f133db6-919e-5a9d-990b-7fae5ff12390`)
Product	Messaging Gateway (`72657705-89f2-5c8e-a695-94d7c0873fa8`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-6328`	vulnerable	2026-06-03 14:37:27.583028	Details available The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser. Published: 2017-08-11T20:00:00.000Z Updated: 2024-09-16T22:19:46.147Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/100136 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170810_00	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-6327`	vulnerable	2026-06-03 14:37:27.581397	Details available The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges. Published: 2017-08-11T20:00:00.000Z Updated: 2025-10-21T23:55:35.541Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2017/Aug/28 https://www.exploit-db.com/exploits/42519/ http://www.securityfocus.com/bid/100135 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170810_00	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-6326`	vulnerable	2026-06-03 14:37:27.580866	Details available The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. Published: 2017-06-26T21:00:00.000Z Updated: 2024-08-05T15:25:49.127Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1038785 https://www.exploit-db.com/exploits/42251/ http://www.securityfocus.com/bid/98893 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170621_00	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-6325`	vulnerable	2026-06-03 14:37:27.580496	Details available The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. This file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a file inclusion vulnerability will result in remote code execution on the web server that runs the affected web application. Published: 2017-06-26T21:00:00.000Z Updated: 2024-08-05T15:25:49.167Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1038785 http://www.securityfocus.com/bid/98890 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170621_00	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-6324`	vulnerable	2026-06-03 14:37:27.579527	Details available The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality resident to the application. Published: 2017-06-26T21:00:00.000Z Updated: 2024-08-05T15:25:49.171Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1038785 http://www.securityfocus.com/bid/98889 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170621_00	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-15532`	vulnerable	2026-06-03 14:36:46.387899	Details available Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files. Published: 2017-12-20T18:00:00.000Z Updated: 2024-09-16T16:58:19.631Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/102096 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171220_00	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Messaging Gateway

PURL mappings

Vulnerability references

Contribute