8.6 High
AI Score
Confidence
Low
7.4 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:S/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
50.8%
Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.
CPE | Name | Operator | Version |
---|---|---|---|
web_gateway | le | 5.1 | |
web_gateway | eq | 5.0 | |
web_gateway | eq | 5.0.1 | |
web_gateway | eq | 5.0.2 | |
web_gateway | eq | 5.0.3 | |
web_gateway | eq | 5.0.3.18 |
packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html
www.securityfocus.com/bid/61101
www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00
www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt