Description
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging a "redirect."
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033625
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/76725
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-15-444/
Vendor Advisory x_refsource_confirm
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00
Scores
EPSS
0.0155
EPSS Percentile
81.7%
Details
CWE
CWE-78
Status
published
Products (1)
symantec/web_gateway
< 5.2.2
Published
Sep 20, 2015
Tracked Since
Feb 18, 2026