Sign-up

ID

VAR-201912-1231


CVE

CVE-2019-18379


TITLE

Symantec Messaging Gateway Server-side request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-012943

DESCRIPTION

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface. Symantec Messaging Gateway Contains a server-side request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Symantec Messaging Gateway is a set of spam filters of Symantec Corporation of the United States. The product includes features such as antispam, antivirus, advanced content filtering, and data loss prevention. A code issue vulnerability exists in Symantec Messaging Gateway prior to 10.7.3

Trust: 1.8

sources: NVD: CVE-2019-18379 // JVNDB: JVNDB-2019-012943 // VULHUB: VHN-150719 // VULMON: CVE-2019-18379

AFFECTED PRODUCTS

vendor:symantecmodel:messaging gatewayscope:ltversion:10.7.3

Trust: 1.8

sources: JVNDB: JVNDB-2019-012943 // NVD: CVE-2019-18379

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18379
value: HIGH

Trust: 1.0

NVD: CVE-2019-18379
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201912-519
value: HIGH

Trust: 0.6

VULHUB: VHN-150719
value: HIGH

Trust: 0.1

VULMON: CVE-2019-18379
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-18379
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-150719
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-18379
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-18379
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-150719 // VULMON: CVE-2019-18379 // JVNDB: JVNDB-2019-012943 // CNNVD: CNNVD-201912-519 // NVD: CVE-2019-18379

PROBLEMTYPE DATA

problemtype:CWE-918

Trust: 1.9

sources: VULHUB: VHN-150719 // JVNDB: JVNDB-2019-012943 // NVD: CVE-2019-18379

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-519

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201912-519

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012943

PATCH
title:SYMSA1501url:https://support.symantec.com/us/en/article.SYMSA1501.html
Trust: 0.8
title:Symantec Messaging Gateway Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105354
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-012943 // 
            
            
            
            CNNVD: CNNVD-201912-519

EXTERNAL IDS
db:NVDid:CVE-2019-18379
Trust: 2.6
db:JVNDBid:JVNDB-2019-012943
Trust: 0.8
db:CNNVDid:CNNVD-201912-519
Trust: 0.7
db:VULHUBid:VHN-150719
Trust: 0.1
db:VULMONid:CVE-2019-18379
Trust: 0.1
sources:
            
            
            VULHUB: VHN-150719 // 
            
            
            
            VULMON: CVE-2019-18379 // 
            
            
            
            JVNDB: JVNDB-2019-012943 // 
            
            
            
            CNNVD: CNNVD-201912-519 // 
            
            
            
            NVD: CVE-2019-18379

REFERENCES
url:https://support.symantec.com/us/en/article.symsa1501.html
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-18379
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18379
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/918.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/172901
Trust: 0.1
sources:
            
            
            VULHUB: VHN-150719 // 
            
            
            
            VULMON: CVE-2019-18379 // 
            
            
            
            JVNDB: JVNDB-2019-012943 // 
            
            
            
            CNNVD: CNNVD-201912-519 // 
            
            
            
            NVD: CVE-2019-18379

SOURCES
db:VULHUBid:VHN-150719
db:VULMONid:CVE-2019-18379
db:JVNDBid:JVNDB-2019-012943
db:CNNVDid:CNNVD-201912-519
db:NVDid:CVE-2019-18379

LAST UPDATE DATE
2024-11-23T22:16:41.822000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-150719date:2019-12-13T00:00:00
db:VULMONid:CVE-2019-18379date:2019-12-13T00:00:00
db:JVNDBid:JVNDB-2019-012943date:2019-12-17T00:00:00
db:CNNVDid:CNNVD-201912-519date:2020-06-09T00:00:00
db:NVDid:CVE-2019-18379date:2024-11-21T04:33:10.007

SOURCES RELEASE DATE
db:VULHUBid:VHN-150719date:2019-12-11T00:00:00
db:VULMONid:CVE-2019-18379date:2019-12-11T00:00:00
db:JVNDBid:JVNDB-2019-012943date:2019-12-17T00:00:00
db:CNNVDid:CNNVD-201912-519date:2019-12-11T00:00:00
db:NVDid:CVE-2019-18379date:2019-12-11T16:15:11.747