[email protected]CVE-2012-3238

HistoryJul 09, 2012 - 10:55 p.m.

CVE-2012-3238

2012-07-0922:55:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-3238

xss

webadmin

astaro security gateway

security vulnerability

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

48.4%

JSON

Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the “Comment (optional)” field.

CPENameOperatorVersion
astaro:security_gateway_softwareastaro security gateway softwarele8.3
astaro:security_gatewayastaro security gatewayeq*
sophos:unified_threat_management_softwaresophos unified threat management softwarele8.3
sophos:unified_threat_managementsophos unified threat managementeq110
sophos:unified_threat_managementsophos unified threat managementeq120
sophos:unified_threat_managementsophos unified threat managementeq220
sophos:unified_threat_managementsophos unified threat managementeq320
sophos:unified_threat_managementsophos unified threat managementeq425
sophos:unified_threat_managementsophos unified threat managementeq525
sophos:unified_threat_managementsophos unified threat managementeq625

CPE	Name	Operator	Version
astaro:security_gateway_software	astaro security gateway software	le	8.3
astaro:security_gateway	astaro security gateway	eq	*
sophos:unified_threat_management_software	sophos unified threat management software	le	8.3
sophos:unified_threat_management	sophos unified threat management	eq	110
sophos:unified_threat_management	sophos unified threat management	eq	120
sophos:unified_threat_management	sophos unified threat management	eq	220
sophos:unified_threat_management	sophos unified threat management	eq	320
sophos:unified_threat_management	sophos unified threat management	eq	425
sophos:unified_threat_management	sophos unified threat management	eq	525
sophos:unified_threat_management	sophos unified threat management	eq	625

References

archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html

security.inshell.net/advisory/27

www.astaro.com/en-uk/blog/up2date/8305

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

48.4%

JSON

Related for CVE-2012-3238

prion1