Critical Remote Code Execution Vulnerability in SMG (CVE-2018-12465)

  • 7023133
  • 27-Jun-2018
  • 29-Jun-2018




An OS command injection vulnerability in the web administration component of versions of Micro Focus Secure Messaging Gateway (SMG) prior to version 471 allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution.


Please use the online update function from within the management console to update to version 471 or newer.

Additional Information