CVE-2017-15532

MEDIUM

Symantec Messaging Gateway < 10.6.4 - Path Traversal

Title source: llm

Description

Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files.

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/102096

Vendor Advisory x_refsource_confirm

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171220_00

Scores

CVSS v3 5.7

EPSS 0.0066

EPSS Percentile 71.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (2)

symantec/messaging_gateway < 10.6.4

Symantec Corporation/Messaging Gateway Prior to 10.6.4

Published Dec 20, 2017

Tracked Since Feb 18, 2026