Vulnerability Description
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Messaging Gateway | < 10.6.6 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105330Third Party AdvisoryVDB Entry
- https://support.symantec.com/en_US/article.SYMSA1461.htmlMitigationVendor Advisory
- http://www.securityfocus.com/bid/105330Third Party AdvisoryVDB Entry
- https://support.symantec.com/en_US/article.SYMSA1461.htmlMitigationVendor Advisory
FAQ
What is CVE-2018-12243?
CVE-2018-12243 is a vulnerability with a CVSS score of 8.8 (HIGH). The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity ...
How severe is CVE-2018-12243?
CVE-2018-12243 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-12243?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Messaging Gateway.