Vulnerability patched in Symantec Brightmail Gateway
Symantec has released an update for its Brightmail Gateway email security appliance to fix a cross-site scripting and privilege escalation vulnerability in the appliances web based Control Centre. Attackers could exploit the vulnerabilities from the internal network as the Control Centre failed to properly filter client input from authorised users of the Control Centre console.
The update is available via the Software Update feature of Brightmail and is also available to registered users to download.
See also:
- Symantec Brightmail Gateway Appliance Cross-site Scripting and Elevation of Privilege, advisory from Symantec
(djwm)