Published: 29/06/2018 Updated: 07/11/2023

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 905

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions before 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5).

Vulnerable Product	Search on Vulmon	Subscribe to Product
microfocus secure messaging gateway

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info={}) super(update_info(info, 'Name' => "MicroFo ...

CWE-78 https://support.microfocus.com/kb/doc.php?id=7023133 https://www.exploit-db.com/exploits/45083/https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/https://nvd.nist.gov https://www.exploit-db.com/exploits/45083/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-12465

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect