CVE-2021-30651: Support Content Notification - Support Portal - Broadcom support portal

A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access.

Information Disclosure Vulnerability in Symantec Messaging Gateway

Initial Publication Date

23 June 2022

Summary

The Symantec Messaging Gateway (SMG) web interface is susceptible to an information disclosure vulnerability. A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access.

Affected Product(s)

Symantec Messaging Gateway (SMG)

| CVE | Supported Version(s) | Remediation |
|---|---|---|
| CVE-2021-30651 | 10.7 | Upgrade to 10.7.5 |

Issue Details

CVE-2021-30651

Severity / CVSS v3.1: Medium / 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

References: NVD: CVE-2021-30651

Impact: Information disclosure

Description: A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access.

Acknowledgements

  • CVE-2021-30651 Harish Lekkala

Revisions

2022-06-23 initial public release
