Information Disclosure Vulnerability in Symantec Messaging Gateway
Summary
The Symantec Messaging Gateway (SMG) web interface is susceptible to an information disclosure vulnerability. A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access.
Affected Product(s)
Symantec Messaging Gateway (SMG) | ||
CVE | Supported Version(s) | Remediation |
CVE-2021-30651 | 10.7 | Upgrade to 10.7.5 |
Issue Details
CVE-2021-30651 | |
Severity / CVSS v3.1: | Medium / 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) |
References: | NVD: CVE-2021-30651 |
Impact: | Information disclosure |
Description: | A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access. |
Acknowledgements
- CVE-2021-30651 Harish Lekkala
Revisions
2022-06-23 initial public release