What is the severity of CVE-2017-6328?

CVE-2017-6328 has a medium severity rating due to its potential for causing unauthorized actions via cross-site request forgery.

How do I fix CVE-2017-6328?

To fix CVE-2017-6328, upgrade Symantec Messaging Gateway to version 10.6.3-267 or later.

What types of attacks are possible with CVE-2017-6328?

CVE-2017-6328 allows attackers to perform unauthorized actions as a logged-in user through cross-site request forgery.

Which versions of Symantec Messaging Gateway are affected by CVE-2017-6328?

Symantec Messaging Gateway versions prior to 10.6.3-267 are affected by CVE-2017-6328.

Is CVE-2017-6328 a local or remote vulnerability?

CVE-2017-6328 is a remote vulnerability that can be exploited by an attacker without needing local access.

Vulnerability/
CVE-2017-6328

high

8.8

CWE

352

11/8/2017

16/9/2024

CVE-2017-6328: CSRF

First published: Fri Aug 11 2017(Updated: )

The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser.

Credit: secure@symantec.com

Affected Software	Affected Version	How to fix
Symantec Brightmail and Messaging Gateway	<=10.6.3-2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-6328?
CVE-2017-6328 has a medium severity rating due to its potential for causing unauthorized actions via cross-site request forgery.
How do I fix CVE-2017-6328?
To fix CVE-2017-6328, upgrade Symantec Messaging Gateway to version 10.6.3-267 or later.
What types of attacks are possible with CVE-2017-6328?
CVE-2017-6328 allows attackers to perform unauthorized actions as a logged-in user through cross-site request forgery.
Which versions of Symantec Messaging Gateway are affected by CVE-2017-6328?
Symantec Messaging Gateway versions prior to 10.6.3-267 are affected by CVE-2017-6328.
Is CVE-2017-6328 a local or remote vulnerability?
CVE-2017-6328 is a remote vulnerability that can be exploited by an attacker without needing local access.

agent/references
agent/type
agent/severity
agent/weakness
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/symantec
canonical/symantec brightmail and messaging gateway
version/symantec brightmail and messaging gateway/10.6.3-2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.