Published: 01/08/2013 Updated: 17/01/2014

CVSS v2 Base Score: 8.3 | Impact Score: 10 | Exploitability Score: 6.5

VMScore: 835

Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

The management console on the Symantec Web Gateway (SWG) appliance prior to 5.1.1 allows remote malicious users to execute arbitrary commands by injecting a command into an application script.

Vulnerable Product	Search on Vulmon	Subscribe to Product
symantec web_gateway 5.0.1
symantec web_gateway 5.0.2
symantec web_gateway 5.0.3
symantec web_gateway 5.0.3.18
symantec web_gateway
symantec web_gateway 5.0
symantec web_gateway_appliance_8450 -
symantec web_gateway_appliance_8490 -

SEC Consult Vulnerability Lab Security Advisory < 20130726-0 > ======================================================================= title: Multiple vulnerabilities - Surveillance via Symantec Web Gateway product: Symantec Web Gateway vulnerable version: <= 510* fixed version: 51 ...

Symantec Web Gateway versions 510* and below suffer from cross site request forgery, cross site scripting, command injection, and remote SQL injection vulnerabilities ...

CWE-78 http://www.securityfocus.com/bid/61106 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00 http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt https://nvd.nist.gov https://www.exploit-db.com/exploits/27136/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-1616

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect