CVE-2013-1617

2013-08-0113:32:00

CWE-89

[email protected]

web.nvd.nist.gov

symantec

web gateway

swg

appliance

sql injection

vulnerabilities

cve-2013-1617

nvd

8 High

AI Score

Confidence

Low

7.4 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

61.4%

JSON

Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.

CPENameOperatorVersion
symantec:web_gatewaysymantec web gatewayle5.1
symantec:web_gatewaysymantec web gatewayeq5.0
symantec:web_gatewaysymantec web gatewayeq5.0.1
symantec:web_gatewaysymantec web gatewayeq5.0.2
symantec:web_gatewaysymantec web gatewayeq5.0.3
symantec:web_gatewaysymantec web gatewayeq5.0.3.18
symantec:web_gateway_appliance_8450symantec web gateway appliance 8450eq-
symantec:web_gateway_appliance_8490symantec web gateway appliance 8490eq-

CPE	Name	Operator	Version
symantec:web_gateway	symantec web gateway	le	5.1
symantec:web_gateway	symantec web gateway	eq	5.0
symantec:web_gateway	symantec web gateway	eq	5.0.1
symantec:web_gateway	symantec web gateway	eq	5.0.2
symantec:web_gateway	symantec web gateway	eq	5.0.3
symantec:web_gateway	symantec web gateway	eq	5.0.3.18
symantec:web_gateway_appliance_8450	symantec web gateway appliance 8450	eq	-
symantec:web_gateway_appliance_8490	symantec web gateway appliance 8490	eq	-