Description
Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00
Various Sources x_refsource_misc
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/61101
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html
Scores
EPSS
0.0138
EPSS Percentile
80.5%
Details
CWE
CWE-89
Status
published
Products (8)
symantec/web_gateway
5.0
symantec/web_gateway
5.0.1
symantec/web_gateway
5.0.2
symantec/web_gateway
5.0.3
symantec/web_gateway
5.0.3.18
symantec/web_gateway
< 5.1
symantec/web_gateway_appliance_8450
symantec/web_gateway_appliance_8490
Published
Aug 01, 2013
Tracked Since
Feb 18, 2026