Critical SQL Injection Vulnerability in SMG (CVE-2018-12464)

  • 7023132
  • 27-Jun-2018
  • 29-Jun-2018




A SQL injection vulnerability in the web administration and quarantine components in versions of Micro Focus Secure Messaging Gateway prior to 471 allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution.


Please use the online update function from within the management console to update to version 471 or newer.

Additional Information