Details of VAR-201910-0323

ID

VAR-201910-0323

CVE

CVE-2019-9699

TITLE

Symantec Messaging Gateway Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-011356

DESCRIPTION

Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. The product includes features such as antispam, antivirus, advanced content filtering, and data loss prevention. This vulnerability stems from configuration errors in network systems or products during operation

Trust: 1.98

sources: NVD: CVE-2019-9699 // JVNDB: JVNDB-2019-011356 // BID: 108303 // VULHUB: VHN-161134

AFFECTED PRODUCTS

vendor:	symantec	model:	messaging gateway	scope:	lt	version:	10.7.0	Trust: 1.8
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	9.5	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	ne	version:	10.7	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	10.6.5	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	10.6.3	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	10.6.2	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	10.6.4	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	10.5.1	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	9.5.1	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	10.6.3-266	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	10.6	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	9.5.3-3	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	9.5.3	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	10.6.0-7	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	10.5.2	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	10.6.0-3	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	10.5	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	9.5.2	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	10.1	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	10.6.1-3	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	10.6.3-267	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	10.6.6	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	10.0	Trust: 0.3
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	10.6.1	Trust: 0.3

sources: BID: 108303 // JVNDB: JVNDB-2019-011356 // NVD: CVE-2019-9699

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-9699
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-9699
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201905-709
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-161134
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-9699
severity:	LOW
baseScore:	2.7
vectorString:	AV:A/AC:L/AU:S/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.1
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-161134
severity:	LOW
baseScore:	2.7
vectorString:	AV:A/AC:L/AU:S/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.1
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-9699
baseSeverity:	MEDIUM
baseScore:	4.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-9699
baseSeverity:	MEDIUM
baseScore:	4.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-161134 // JVNDB: JVNDB-2019-011356 // CNNVD: CNNVD-201905-709 // NVD: CVE-2019-9699

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-200	Trust: 0.9

sources: VULHUB: VHN-161134 // JVNDB: JVNDB-2019-011356 // NVD: CVE-2019-9699

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201905-709

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201905-709

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011356

PATCH

title:	SYMSA1482	url:	https://support.symantec.com/us/en/article.symsa1482.html	Trust: 0.8
title:	Symantec Messaging Gateway Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92846	Trust: 0.6

sources: JVNDB: JVNDB-2019-011356 // CNNVD: CNNVD-201905-709

EXTERNAL IDS

db:	NVD	id:	CVE-2019-9699	Trust: 2.8
db:	BID	id:	108303	Trust: 1.0
db:	JVNDB	id:	JVNDB-2019-011356	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-709	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1784	Trust: 0.6
db:	VULHUB	id:	VHN-161134	Trust: 0.1

sources: VULHUB: VHN-161134 // BID: 108303 // JVNDB: JVNDB-2019-011356 // CNNVD: CNNVD-201905-709 // NVD: CVE-2019-9699

REFERENCES

url:	https://support.symantec.com/en_us/article.symsa1482.html	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9699	Trust: 1.4
url:	http://www.securityfocus.com/bid/108303	Trust: 1.2
url:	http://www.symantec.com/messaging-gateway	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9699	Trust: 0.8
url:	http://support.symantec.com/content/unifiedweb/en_us/article.symsa1482.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/81222	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1784/	Trust: 0.6

sources: VULHUB: VHN-161134 // BID: 108303 // JVNDB: JVNDB-2019-011356 // CNNVD: CNNVD-201905-709 // NVD: CVE-2019-9699

CREDITS

Muhammad Nafees

Trust: 0.9

sources: BID: 108303 // CNNVD: CNNVD-201905-709

SOURCES

db:	VULHUB	id:	VHN-161134
db:	BID	id:	108303
db:	JVNDB	id:	JVNDB-2019-011356
db:	CNNVD	id:	CNNVD-201905-709
db:	NVD	id:	CVE-2019-9699

LAST UPDATE DATE

2024-11-23T22:55:26.099000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-161134	date:	2019-10-30T00:00:00
db:	BID	id:	108303	date:	2019-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-011356	date:	2019-11-06T00:00:00
db:	CNNVD	id:	CNNVD-201905-709	date:	2019-10-31T00:00:00
db:	NVD	id:	CVE-2019-9699	date:	2024-11-21T04:52:07.937

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-161134	date:	2019-10-24T00:00:00
db:	BID	id:	108303	date:	2019-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-011356	date:	2019-11-06T00:00:00
db:	CNNVD	id:	CNNVD-201905-709	date:	2019-05-16T00:00:00
db:	NVD	id:	CVE-2019-9699	date:	2019-10-24T16:15:21.097