{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<P>Symantec Messaging Gateway versions 9.5.x.</P>","content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2012-3581","url":"https://www.cve.org/CVERecord?id=CVE-2012-3581"},{"name":"CVE-2012-0307","url":"https://www.cve.org/CVERecord?id=CVE-2012-0307"},{"name":"CVE-2012-3580","url":"https://www.cve.org/CVERecord?id=CVE-2012-3580"},{"name":"CVE-2012-0308","url":"https://www.cve.org/CVERecord?id=CVE-2012-0308"},{"name":"CVE-2012-3579","url":"https://www.cve.org/CVERecord?id=CVE-2012-3579"}],"links":[],"reference":"CERTA-2012-AVI-468","revisions":[{"description":"version initiale.","revision_date":"2012-08-29T00:00:00.000000"}],"risks":[{"description":"Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"},{"description":"Injection de code indirecte \u00e0 distance"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"Cinq vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans la console de gestion de\nSymantec Messaging Gateway. Parmis celles-ci, une injection de code\nindirecte \u00e0 distance (XSS), une injection de requ\u00eates ill\u00e9gitime par\nrebond (CSRF), et un compte SSH avec un mot de passe par d\u00e9faut\npermettant \u00e0 un utilisateur ill\u00e9gitime d'avoir acc\u00e8s \u00e0 la console, sont\nles plus critiques.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans Symantec Messaging Gateway","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Symantec SYM12-013 du 27 ao\u00fbt 2012","url":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00"}]}