Kaspersky Secure Mail Gateway Multiple Security Vulnerabilities
Kaspersky Secure Mail Gateway is prone to the following multiple security vulnerabilities:
1. A cross-site request-forgery vulnerability
2. An arbitrary command-execution vulnerability.
3. A local privilege-escalation vulnerability
4. A cross-site scripting vulnerability
Exploiting these issues will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, obtain sensitive information, execute command with root privileges, and perform unauthorized actions. Failed exploits can result in a denial-of-service condition.
Secure Mail Gateway 220.127.116.119 is vulnerable; other versions may also be affected.