Lucene search

[email protected]NVD:CVE-2013-1617

HistoryAug 01, 2013 - 1:32 p.m.

CVE-2013-1617

2013-08-0113:32:21

CWE-89

[email protected]

web.nvd.nist.gov

7.4 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.7%

JSON

Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.

Affected configurations

NVD

Node

symantecweb_gatewayRange≤5.1

symantecweb_gatewayMatch5.0

symantecweb_gatewayMatch5.0.1

symantecweb_gatewayMatch5.0.2

symantecweb_gatewayMatch5.0.3

symantecweb_gatewayMatch5.0.3.18

AND

symantecweb_gateway_appliance_8450Match-

symantecweb_gateway_appliance_8490Match-

References

packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html

www.securityfocus.com/bid/61101

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt

7.4 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.7%

JSON

Related for NVD:CVE-2013-1617

prion1 cve1 cvelist1 securityvulns2 packetstorm1 exploitpack1 nessus2 openvas1 exploitdb1 symantec1