cvedb.io
CVE-2018-12465
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2018-06-29T16:29:00.337 · Last modified 2026-06-17T01:37:49.990

Summary

An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5).

Affected products

microfocus — secure_messaging_gateway

Does this affect you?

Add your gear to cvedb and we'll alert you only when microfocus ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.