CyberSec.Space Logo
Back to CVE Browser

CVE-2018-12465

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.0010%
EPSS Percentile29.50th
PublishedJun 29, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5).

Affected Platforms (CPE)

πŸ“¦
Microfocus

Secure Messaging Gateway

< 471

References & Advisories

πŸ”— https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/
πŸ”— https://support.microfocus.com/kb/doc.php?id=7023133
πŸ”— https://www.exploit-db.com/exploits/45083/
πŸ”— https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/
πŸ”— https://support.microfocus.com/kb/doc.php?id=7023133
πŸ”— https://www.exploit-db.com/exploits/45083/

Related Vulnerabilities

CVE-2018-1246410.0

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows a...

CVE-2016-36459.8

Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Da...

CVE-2018-122429.8

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of ...

CVE-2011-05489.3

Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x t...