Critical Remote Code Execution Vulnerability in SMG (CVE-2018-12465)

  • 7023133
  • 27-Jun-2018
  • 29-Jun-2018

Environment

SMG

Situation

An OS command injection vulnerability in the web administration component of versions of Micro Focus Secure Messaging Gateway (SMG) prior to version 471 allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution.

Resolution

Please use the online update function from within the management console to update to version 471 or newer.
