Vulnerability CVE-2013-1617


Published: 2013-08-01

Description:
Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.

See advisories in our WLB2 database:
Topic | Author | Date
Med. Symantec Web Surveillance Multiple vulnerabilities | Wolfgang Ettling... | 27.07.2013

Type: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

CVSS2 => (AV:A/AC:M/Au:S/C:C/I:C/A:C)

CVSS Base Score: 7.4/10
Impact Subscore: 10/10
Exploitability Subscore: 4.4/10

Exploit range: Adjacent network
Attack complexity: Medium
Authentication: Single time

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software
Symantec -> Web gateway 
Symantec -> Web gateway appliance 8450 
Symantec -> Web gateway appliance 8490 

References:
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00
http://www.securityfocus.com/bid/61101
http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html

Copyright 2024, cxsecurity.com
