Lucene search

PRIOn knowledge basePRION:CVE-2013-1617

HistoryAug 01, 2013 - 1:32 p.m.

Sql injection

2013-08-0113:32:00

PRIOn knowledge base

www.prio-n.com

8.6 High

AI Score

Confidence

Low

7.4 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

50.8%

JSON

Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.

CPENameOperatorVersion
web_gatewayle5.1
web_gatewayeq5.0
web_gatewayeq5.0.1
web_gatewayeq5.0.2
web_gatewayeq5.0.3
web_gatewayeq5.0.3.18

Name	Operator	Version
web_gateway	le	5.1
web_gateway	eq	5.0
web_gateway	eq	5.0.1
web_gateway	eq	5.0.2
web_gateway	eq	5.0.3
web_gateway	eq	5.0.3.18

References

packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html

www.securityfocus.com/bid/61101

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt

8.6 High

AI Score

Confidence

Low

7.4 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

50.8%

JSON

Related for PRION:CVE-2013-1617