Environment
SMG
Situation
An OS command injection vulnerability in the web administration component of versions of Micro Focus Secure Messaging Gateway (SMG) prior to version 471 allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution.
Resolution
Please use the online update function from within the management console to update to version 471 or newer.