CVE-2011-0549

2011-07-1120:55:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2011-0549

sql injection

forget.php

symantec web gateway

nvd

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.8%

JSON

SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute arbitrary SQL commands via the username parameter.

CPENameOperatorVersion
symantec:web_gatewaysymantec web gatewayeq4.5.2.72
symantec:web_gatewaysymantec web gatewayeq4.5
symantec:web_gatewaysymantec web gatewayeq4.5.1.44
symantec:web_gatewaysymantec web gatewayeq4.5.2.65
symantec:web_gatewaysymantec web gatewayeq4.5.2.37
symantec:web_gatewaysymantec web gatewayeq4.5.4.9
symantec:web_gatewaysymantec web gatewayeq4.5.3.38
symantec:web_gatewaysymantec web gatewayeq4.5.0.326
symantec:web_gatewaysymantec web gatewayeq4.5.1.34

CPE	Name	Operator	Version
symantec:web_gateway	symantec web gateway	eq	4.5.2.72
symantec:web_gateway	symantec web gateway	eq	4.5
symantec:web_gateway	symantec web gateway	eq	4.5.1.44
symantec:web_gateway	symantec web gateway	eq	4.5.2.65
symantec:web_gateway	symantec web gateway	eq	4.5.2.37
symantec:web_gateway	symantec web gateway	eq	4.5.4.9
symantec:web_gateway	symantec web gateway	eq	4.5.3.38
symantec:web_gateway	symantec web gateway	eq	4.5.0.326
symantec:web_gateway	symantec web gateway	eq	4.5.1.34