Support Content Notification - Support Portal

Information Disclosure Vulnerability in Symantec Messaging Gateway

Product/Component

Messaging Gateway

0 more products

Notification Id

20652

Last Updated

23 June 2022

Initial Publication Date

23 June 2022

Status

CLOSED

Severity

MEDIUM

CVSS Base Score

4.8

WorkAround

Affected CVE

Summary

The Symantec Messaging Gateway (SMG) web interface is susceptible to an information disclosure vulnerability. A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access.

Affected Product(s)

Symantec Messaging Gateway (SMG)
CVE	Supported Version(s)	Remediation
CVE-2021-30651	10.7	Upgrade to 10.7.5

Issue Details

CVE-2021-30651
Severity / CVSS v3.1:	Medium / 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
References:	NVD: CVE-2021-30651
Impact:	Information disclosure
Description:	A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access.

Acknowledgements

CVE-2021-30651 Harish Lekkala

Revisions

2022-06-23 initial public release