A vulnerability scan has been run against a Symantec application, and one or more Common Vulnerabilities and Exposures (CVE) were reported by the scanner.

Messaging Gateway

Symantec performs internal vulnerability scans of its products as part of the development and QA process, but recognizes the value of our customers doing independent validation of their organization's security posture.

To ensure that your organization is getting an accurate report please consider the following:

• Run vulnerability scans against the latest release with all appropriate patches applied.
• Run vulnerability scans against the normal operating configuration of the product.
• Run vulnerability scans with a fully updated scanner that has the most recent set of signatures.

Even following these best practices, a vulnerability scan may return some CVEs or other vulnerabilities. For some products, vulnerabilities in libraries or protocols are patched without updating the library or software version. This can result in false positives from vulnerability scanners which do an unsophisticated port and version number scan.

When contacting product support regarding the results of a vulnerability scan, if needed, provide the full scan report and details on the scanning software and version.