CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-12465

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.0010%
EPSS Percentile29.50th
Published2018年6月29日
Last Modified2024年11月21日

Vulnerability Description

An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5).

Affected Platforms (CPE)

📦
Microfocus

Secure Messaging Gateway

< 471

References & Advisories

🔗 https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/
🔗 https://support.microfocus.com/kb/doc.php?id=7023133
🔗 https://www.exploit-db.com/exploits/45083/
🔗 https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/
🔗 https://support.microfocus.com/kb/doc.php?id=7023133
🔗 https://www.exploit-db.com/exploits/45083/

相關漏洞威脅

CVE-2018-1246410.0

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows a...

CVE-2016-36459.8

Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Da...

CVE-2018-122429.8

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of ...

CVE-2011-05489.3

Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x t...