CVE-2012-4347

Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.

Published: Dec 5, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-4347
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
symantec / messaging_gateway	9.5.2	9.5.2.x
symantec / messaging_gateway	9.5.4	9.5.4.x
symantec / messaging_gateway	9.5.1	9.5.1.x
symantec / messaging_gateway	9.5.3	9.5.3.x
symantec / messaging_gateway	9.5	9.5.x

http://www.securityfocus.com/bid/56789
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00

Vulnerability Database

289,784

CVE-2012-4347