{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T03:42:17.823","vulnerabilities":[{"cve":{"id":"CVE-2017-15532","sourceIdentifier":"secure@symantec.com","published":"2017-12-20T18:29:00.950","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files."},{"lang":"es","value":"En versiones anteriores a la 10.6.4, Symantec Messaging Gateway podría ser susceptible a un ataque de salto de ruta (también conocido como salto de directorio). Este tipo de ataque intenta acceder a archivos y directorios que están almacenados fuera de la carpeta web root. Al manipular variables, sería posible acceder a archivos y directorios arbitrarios almacenados en el sistema de archivos, incluyendo el código fuente de la aplicación o archivos críticos o de configuración del sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:S/C:C/I:N/A:N","baseScore":5.5,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":5.1,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*","versionEndExcluding":"10.6.4","matchCriteriaId":"E12A8B76-E165-4E00-AA9F-856AD83C38AA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/102096","source":"secure@symantec.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171220_00","source":"secure@symantec.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/102096","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171220_00","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}