CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-12464

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0970%
EPSS Percentile43.13th
Published2018年6月29日
Last Modified2024年11月21日

Vulnerability Description

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).

Affected Platforms (CPE)

📦
Microfocus

Secure Messaging Gateway

< 471

References & Advisories

🔗 https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/
🔗 https://support.microfocus.com/kb/doc.php?id=7023132
🔗 https://www.exploit-db.com/exploits/45083/
🔗 https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/
🔗 https://support.microfocus.com/kb/doc.php?id=7023132
🔗 https://www.exploit-db.com/exploits/45083/

関連する脆弱性情報

CVE-2018-122429.8

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of ...

CVE-2016-36459.8

Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Da...

CVE-2011-05489.3

Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x t...

CVE-2018-124659.1

An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a r...