CyberSec.Space Logo
Back to CVE Browser

CVE-2018-12464

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0970%
EPSS Percentile43.13th
PublishedJun 29, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).

Affected Platforms (CPE)

πŸ“¦
Microfocus

Secure Messaging Gateway

< 471

References & Advisories

πŸ”— https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/
πŸ”— https://support.microfocus.com/kb/doc.php?id=7023132
πŸ”— https://www.exploit-db.com/exploits/45083/
πŸ”— https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/
πŸ”— https://support.microfocus.com/kb/doc.php?id=7023132
πŸ”— https://www.exploit-db.com/exploits/45083/

Related Vulnerabilities

CVE-2018-122429.8

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of ...

CVE-2016-36459.8

Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Da...

CVE-2011-05489.3

Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x t...

CVE-2018-124659.1

An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a r...