Sign-up

ID

VAR-201907-0220


CVE

CVE-2019-12751


TITLE

Symantec Messaging Gateway Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-006487

DESCRIPTION

Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. Symantec Messaging Gateway Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Symantec Messaging Gateway is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges on an affected system. Symantec Messaging Gateway versions prior to 10.7.1 are vulnerable. The product includes features such as antispam, antivirus, advanced content filtering, and data loss prevention

Trust: 1.98

sources: NVD: CVE-2019-12751 // JVNDB: JVNDB-2019-006487 // BID: 108925 // VULHUB: VHN-144529

AFFECTED PRODUCTS

vendor:symantecmodel:message gatewayscope:ltversion:10.7.1

Trust: 1.8

vendor:symantecmodel:messaging gatewayscope:eqversion:10.7

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:10.6.3

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:10.5.2

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:10.5.1

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:10.5

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:10.0.1

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:9.5.4

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:9.5.3

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:9.5.3-3

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:9.5.2

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:9.5.1

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:9.5

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:10.6.6

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:10.6.5

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:10.6.4

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:10.6.3-267

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:10.6.3-266

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:10.6.2

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:10.6.1-3

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:10.6.1

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:10.6.0-7

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:10.6.0-3

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:10.6

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:10.1

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:10.0.3

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:10.0.2

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:eqversion:10.0

Trust: 0.3

vendor:symantecmodel:messaging gatewayscope:neversion:10.7.1

Trust: 0.3

sources: BID: 108925 // JVNDB: JVNDB-2019-006487 // NVD: CVE-2019-12751

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12751
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-12751
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201907-608
value: CRITICAL

Trust: 0.6

VULHUB: VHN-144529
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12751
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144529
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12751
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-144529 // JVNDB: JVNDB-2019-006487 // CNNVD: CNNVD-201907-608 // NVD: CVE-2019-12751

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-144529 // JVNDB: JVNDB-2019-006487 // NVD: CVE-2019-12751

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-608

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201907-608

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006487

PATCH
title:SYMSA1486url:https://support.symantec.com/us/en/article.SYMSA1486.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-006487

EXTERNAL IDS
db:NVDid:CVE-2019-12751
Trust: 2.8
db:BIDid:108925
Trust: 2.0
db:JVNDBid:JVNDB-2019-006487
Trust: 0.8
db:CNNVDid:CNNVD-201907-608
Trust: 0.7
db:VULHUBid:VHN-144529
Trust: 0.1
sources:
            
            
            VULHUB: VHN-144529 // 
            
            
            
            BID: 108925 // 
            
            
            
            JVNDB: JVNDB-2019-006487 // 
            
            
            
            CNNVD: CNNVD-201907-608 // 
            
            
            
            NVD: CVE-2019-12751

REFERENCES
url:https://support.symantec.com/us/en/article.symsa1486.html
Trust: 2.0
url:http://www.securityfocus.com/bid/108925
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-12751
Trust: 1.4
url:http://www.symantec.com
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12751
Trust: 0.8
sources:
            
            
            VULHUB: VHN-144529 // 
            
            
            
            BID: 108925 // 
            
            
            
            JVNDB: JVNDB-2019-006487 // 
            
            
            
            CNNVD: CNNVD-201907-608 // 
            
            
            
            NVD: CVE-2019-12751

CREDITS
Dave
Trust: 0.9
sources:
            
            
            BID: 108925 // 
            
            
            
            CNNVD: CNNVD-201907-608

SOURCES
db:VULHUBid:VHN-144529
db:BIDid:108925
db:JVNDBid:JVNDB-2019-006487
db:CNNVDid:CNNVD-201907-608
db:NVDid:CVE-2019-12751

LAST UPDATE DATE
2024-11-23T22:16:58.053000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-144529date:2020-08-24T00:00:00
db:BIDid:108925date:2019-07-12T03:00:00
db:JVNDBid:JVNDB-2019-006487date:2019-07-22T00:00:00
db:CNNVDid:CNNVD-201907-608date:2020-08-25T00:00:00
db:NVDid:CVE-2019-12751date:2024-11-21T04:23:29.897

SOURCES RELEASE DATE
db:VULHUBid:VHN-144529date:2019-07-11T00:00:00
db:BIDid:108925date:2019-07-10T00:00:00
db:JVNDBid:JVNDB-2019-006487date:2019-07-22T00:00:00
db:CNNVDid:CNNVD-201907-608date:2019-07-10T00:00:00
db:NVDid:CVE-2019-12751date:2019-07-11T21:15:09.733