ID

VAR-202012-0099


CVE

CVE-2020-12595


TITLE

SMG Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-014332

DESCRIPTION

An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4. SMG contains an unspecified vulnerability. Information may be obtained. Symantec Messaging Gateway is a set of spam filters from Symantec Corporation of the United States. The product includes features such as antispam, antivirus, advanced content filtering, and data loss prevention. Symantec Messaging Gateway before version 10.7.4 has a security vulnerability that attackers can exploit to obtain sensitive information.

Trust: 1.71

sources: NVD: CVE-2020-12595 // JVNDB: JVNDB-2020-014332 // VULHUB: VHN-165289

AFFECTED PRODUCTS

vendor: broadcom, model: symantec messaging gateway, scope: lt, version: 10.7.4

Trust: 1.0

vendor: broadcom, model: symantec messaging gateway, scope: eq, version: 10.7.4

Trust: 0.8

vendor: broadcom, model: symantec messaging gateway, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-014332 // NVD: CVE-2020-12595

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12595
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-12595
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202012-843
value: MEDIUM

Trust: 0.6

VULHUB: VHN-165289
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-12595
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-165289
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-12595
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-12595
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-165289 // JVNDB: JVNDB-2020-014332 // CNNVD: CNNVD-202012-843 // NVD: CVE-2020-12595

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-014332 // NVD: CVE-2020-12595

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-843

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202012-843

PATCH

title: SYMSA16609, url: https://support.broadcom.com/security-advisory/content/security-advisories/Privilege-Escalation-and-Information-Disclosure-Vulnerabilities-in-SMG/SYMSA16609

Trust: 0.8

title: Symantec Messaging Gateway Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136978

Trust: 0.6

sources: JVNDB: JVNDB-2020-014332 // CNNVD: CNNVD-202012-843

EXTERNAL IDS

db: NVD, id: CVE-2020-12595

Trust: 2.5

db: JVNDB, id: JVNDB-2020-014332

Trust: 0.8

db: CNNVD, id: CNNVD-202012-843

Trust: 0.7

db: VULHUB, id: VHN-165289

Trust: 0.1

sources: VULHUB: VHN-165289 // JVNDB: JVNDB-2020-014332 // CNNVD: CNNVD-202012-843 // NVD: CVE-2020-12595

REFERENCES

url: https://support.broadcom.com/security-advisory/content/security-advisories/privilege-escalation-and-information-disclosure-vulnerabilities-in-smg/symsa16609

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-12595

Trust: 1.4

sources: VULHUB: VHN-165289 // JVNDB: JVNDB-2020-014332 // CNNVD: CNNVD-202012-843 // NVD: CVE-2020-12595

SOURCES

db: VULHUB, id: VHN-165289
db: JVNDB, id: JVNDB-2020-014332
db: CNNVD, id: CNNVD-202012-843
db: NVD, id: CVE-2020-12595

LAST UPDATE DATE

2024-11-23T23:11:14.699000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-165289, date: 2020-12-14T00:00:00
db: JVNDB, id: JVNDB-2020-014332, date: 2021-08-13T08:51:00
db: CNNVD, id: CNNVD-202012-843, date: 2020-12-15T00:00:00
db: NVD, id: CVE-2020-12595, date: 2024-11-21T04:59:54.033

SOURCES RELEASE DATE

db: VULHUB, id: VHN-165289, date: 2020-12-10T00:00:00
db: JVNDB, id: JVNDB-2020-014332, date: 2021-08-13T00:00:00
db: CNNVD, id: CNNVD-202012-843, date: 2020-12-10T00:00:00
db: NVD, id: CVE-2020-12595, date: 2020-12-10T06:15:13.267