Information Disclosure Vulnerability in Symantec Messaging Gateway

Messaging Gateway

20652

23 June 2022

23 June 2022

CLOSED

MEDIUM

4.8

Summary

The Symantec Messaging Gateway (SMG) web interface is susceptible to an information disclosure vulnerability. A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access.


Affected Product(s)

Symantec Messaging Gateway (SMG)
CVE | Supported Version(s) | Remediation
CVE-2021-30651 | 10.7 | Upgrade to 10.7.5

Issue Details

CVE-2021-30651
Severity / CVSS v3.1: Medium / 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
References: NVD: CVE-2021-30651
Impact: Information disclosure
Description: A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access.


Acknowledgements

  • CVE-2021-30651 Harish Lekkala

Revisions

2022-06-23 initial public release