Critical SQL Injection Vulnerability in SMG (CVE-2018-12464)

  • 7023132
  • 27-Jun-2018
  • 29-Jun-2018

Environment

SMG

Situation

A SQL injection vulnerability in the web administration and quarantine components in versions of Micro Focus Secure Messaging Gateway prior to 471 allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and, in conjunction with CVE-2018-12465, to achieve unauthenticated remote code execution.

Resolution

Please use the online update function from within the management console to update to version 471 or newer.

Additional Information