CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-12464

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0970%
EPSS Percentile43.13th
Published2018年6月29日
Last Modified2024年11月21日

Vulnerability Description

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).

Affected Platforms (CPE)

📦
Microfocus

Secure Messaging Gateway

< 471

References & Advisories

🔗 https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/
🔗 https://support.microfocus.com/kb/doc.php?id=7023132
🔗 https://www.exploit-db.com/exploits/45083/
🔗 https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/
🔗 https://support.microfocus.com/kb/doc.php?id=7023132
🔗 https://www.exploit-db.com/exploits/45083/

相關漏洞威脅

CVE-2018-122429.8

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of ...

CVE-2016-36459.8

Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Da...

CVE-2011-05489.3

Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x t...

CVE-2018-124659.1

An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a r...