Search criteria
39 vulnerabilities found for symantec_proxysg by broadcom
FKIE_CVE-2021-30648
Vulnerability from fkie_nvd - Published: 2021-06-30 11:15 - Updated: 2024-11-21 06:04
Severity ?
Summary
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9672F60B-F28A-4343-9974-9959BD393AB9",
"versionEndExcluding": "6.5.10.16",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A764833-E6F8-4D84-BE5F-951820DD656A",
"versionEndExcluding": "6.6.5.19",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD4B8490-8550-491B-A9CD-A52D8B79D155",
"versionEndExcluding": "6.7.5.12",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0050BA3-EFC3-48A6-8544-9E5DEF14A9CE",
"versionEndExcluding": "7.2.7.2",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DB1BDF4-A549-459D-9FB5-1AD6925453D8",
"versionEndExcluding": "7.3.3.3",
"versionStartIncluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98CC3B7A-43FA-4D4F-9940-9511A9449076",
"versionEndExcluding": "6.7.4.17",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D5D136-155C-4A46-904A-543645C53772",
"versionEndExcluding": "6.7.5.12",
"versionStartIncluding": "6.7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD89FCD6-67B6-426A-AA80-E6A4D44B472A",
"versionEndExcluding": "7.2.7.2",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EDD9E31-19E6-437C-A32F-F01319497E19",
"versionEndExcluding": "7.3.3.3",
"versionStartIncluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s200-30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7607245C-D417-48D7-876D-1E859215F426",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3504045-02F1-48A7-900C-64A280BB5676",
"versionEndExcluding": "6.7.4.17",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B05AD57E-CACF-4D2C-B3A2-ABD24CB47A14",
"versionEndExcluding": "6.7.5.12",
"versionStartIncluding": "6.7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FC75E0-5D1F-49EC-9B6F-611AF94E8CE6",
"versionEndExcluding": "7.2.7.2",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAD2096-A175-492D-A106-FCA726F742D9",
"versionEndExcluding": "7.3.3.3",
"versionStartIncluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s200-40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC9EBCDE-5890-4B9C-9B28-4BA6636320CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "550B2E07-8330-43A1-8303-12EBD1EAA3CF",
"versionEndExcluding": "6.7.4.17",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05B177FF-1C17-4B44-A5E8-BC42C6A88BB8",
"versionEndExcluding": "6.7.5.12",
"versionStartIncluding": "6.7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F549852-ED15-4FF7-9673-432E7BCEC615",
"versionEndExcluding": "7.2.7.2",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4F96BFC-1BA1-4E68-B60F-8F357BEEEBEA",
"versionEndExcluding": "7.3.3.3",
"versionStartIncluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s400-20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C57BAE4-DCCC-427E-8C90-1D8586F836D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD66EC5-4990-4523-92EE-6259417EA29D",
"versionEndExcluding": "6.7.4.17",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5797A293-88B1-433E-BD59-0E43F3C105EA",
"versionEndExcluding": "6.7.5.12",
"versionStartIncluding": "6.7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A43A9E1-CF92-4E19-8CEE-31719133A880",
"versionEndExcluding": "7.2.7.2",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D133BFF-FE7D-4698-A13B-A707A76D3317",
"versionEndExcluding": "7.3.3.3",
"versionStartIncluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s400-30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF36EA8-61F6-4D19-9AE1-AFF5EFDDC3E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCD66B48-C227-4276-9D56-AA6AB7EB8C53",
"versionEndExcluding": "6.7.4.17",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F910A085-3911-44F3-A8B1-403EB2D00558",
"versionEndExcluding": "6.7.5.12",
"versionStartIncluding": "6.7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0311A56B-D775-4507-A146-43E0E2C62D62",
"versionEndExcluding": "7.2.7.2",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-40_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46DE0E11-E74E-4CA2-923A-7E78FD331EA8",
"versionEndExcluding": "7.3.3.3",
"versionStartIncluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s400-40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB67FB71-4979-4C89-A214-B1B8FAA1DBBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_500-10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDE99D7E-341D-47CD-9CBB-A7815B9B98CA",
"versionEndExcluding": "6.7.4.17",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_500-10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DDFA390-B788-45A3-BE77-131D2E265CF7",
"versionEndExcluding": "6.7.5.12",
"versionStartIncluding": "6.7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_500-10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "132FAE6F-1B32-4C66-8AFE-09A4CE823007",
"versionEndExcluding": "7.2.7.2",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_500-10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14CAC3B2-1A9B-40C2-925C-5C929179763D",
"versionEndExcluding": "7.3.3.3",
"versionStartIncluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_500-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44DFA806-C013-4C3A-A9AC-76040E5B4207",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s500-20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31C3E999-E729-4B08-BFCD-2CACD14A9FAA",
"versionEndExcluding": "6.7.4.17",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s500-20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "540E33CE-DB5D-4C45-806F-2A2B43EDDC11",
"versionEndExcluding": "6.7.5.12",
"versionStartIncluding": "6.7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s500-20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D17AC2E5-5CAE-49B9-BA56-B7DD2CA1A796",
"versionEndExcluding": "7.2.7.2",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s500-20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D30543D-636C-4005-A677-A049FAF5534F",
"versionEndExcluding": "7.3.3.3",
"versionStartIncluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s500-20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9770558C-A91B-4DD1-B5A6-76713452116E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance."
},
{
"lang": "es",
"value": "Las consolas de administraci\u00f3n web Symantec Advanced Secure Gateway (ASG) y ProxySG son susceptibles a una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Un atacante no autenticado puede ejecutar comandos CLI arbitrarios, ver/modificar la configuraci\u00f3n y la pol\u00edtica del dispositivo, y apagar/reiniciar el dispositivo"
}
],
"id": "CVE-2021-30648",
"lastModified": "2024-11-21T06:04:21.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-30T11:15:08.143",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-18375
Vulnerability from fkie_nvd - Published: 2020-04-10 00:15 - Updated: 2024-11-21 04:33
Severity ?
Summary
The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | advanced_secure_gateway | * | |
| broadcom | advanced_secure_gateway | * | |
| broadcom | symantec_proxysg | * | |
| broadcom | symantec_proxysg | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E268AFF2-E368-4574-9CE4-923C9C510E24",
"versionEndExcluding": "6.7.4.10",
"versionStartIncluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2A0D93-FEEC-43B1-9766-032B87E88C38",
"versionEndExcluding": "7.2.0.1",
"versionStartIncluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "250EAC78-79F0-4ACF-86DB-54A6826832A8",
"versionEndExcluding": "6.7.4.10",
"versionStartIncluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C91A22D-A943-4DA8-8557-1B4EDB392D09",
"versionEndExcluding": "7.2.0.1",
"versionStartIncluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console."
},
{
"lang": "es",
"value": "Las consolas de administraci\u00f3n de ASG y ProxySG, son susceptibles a una vulnerabilidad de secuestro de sesi\u00f3n. Un atacante remoto, con acceso a la interfaz de administraci\u00f3n del dispositivo, puede secuestrar la sesi\u00f3n de un usuario actualmente registrado y acceder a la consola de administraci\u00f3n."
}
],
"id": "CVE-2019-18375",
"lastModified": "2024-11-21T04:33:09.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-10T00:15:11.160",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1752"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-18370
Vulnerability from fkie_nvd - Published: 2019-08-30 09:15 - Updated: 2024-11-21 03:55
Severity ?
Summary
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | advanced_secure_gateway | * | |
| broadcom | advanced_secure_gateway | 6.6 | |
| broadcom | symantec_proxysg | * | |
| broadcom | symantec_proxysg | * | |
| broadcom | symantec_proxysg | 6.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B599C2C-2345-4C48-A643-7E3248CD93CF",
"versionEndExcluding": "6.7.4.2",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A541B285-4265-4AED-80FC-AE02C1372645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30763EE4-C79B-47A6-B2BB-6E94B2C9C467",
"versionEndExcluding": "6.5.10.15",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83FFE68F-353C-441C-B924-6087631A0AF8",
"versionEndExcluding": "6.7.4.2",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "004F99F2-E750-4FC5-A2A6-65FD1C918676",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG\u0027s web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
},
{
"lang": "es",
"value": "El modo WebFTP del Proxy FTP de ASG/ProxySG, permite interceptar conexiones FTP donde un usuario accede a un servidor FTP por medio de una URL ftp:// en un navegador web. Una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en el modo WebFTP permite a un atacante remoto inyectar c\u00f3digo JavaScript malicioso en un listado web de ASG/ProxySG de un servidor FTP remoto. La explotaci\u00f3n de la vulnerabilidad requiere que el atacante sea capaz de cargar archivos especialmente dise\u00f1ados en el servidor FTP remoto. Versiones afectadas: ASG versi\u00f3n 6.6 y versiones 6.7 anteriores a 6.7.4.2; ProxySG versiones 6.5 anteriores a 6.5.10.15, 6.6 y versiones 6.7 anteriores a 6.7.4.2."
}
],
"id": "CVE-2018-18370",
"lastModified": "2024-11-21T03:55:48.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-30T09:15:16.567",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-18371
Vulnerability from fkie_nvd - Published: 2019-08-30 09:15 - Updated: 2024-11-21 03:55
Severity ?
Summary
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | advanced_secure_gateway | * | |
| broadcom | advanced_secure_gateway | 6.6 | |
| broadcom | symantec_proxysg | * | |
| broadcom | symantec_proxysg | * | |
| broadcom | symantec_proxysg | 6.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B599C2C-2345-4C48-A643-7E3248CD93CF",
"versionEndExcluding": "6.7.4.2",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A541B285-4265-4AED-80FC-AE02C1372645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30763EE4-C79B-47A6-B2BB-6E94B2C9C467",
"versionEndExcluding": "6.5.10.15",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83FFE68F-353C-441C-B924-6087631A0AF8",
"versionEndExcluding": "6.7.4.2",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "004F99F2-E750-4FC5-A2A6-65FD1C918676",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG\u0027s web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
},
{
"lang": "es",
"value": "El modo WebFTP del proxy FTP de ASG/ProxySG, permite interceptar conexiones FTP donde un usuario accede a un servidor FTP por medio de una URL ftp:// en un navegador web. Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el modo WebFTP permite a un usuario malicioso obtener credenciales de aute de texto plano para un servidor FTP remoto desde un listado web del servidor FTP de ASG/ProxySG. Versiones afectadas: ASG versi\u00f3n 6.6 y versiones 6.7 anteriores a 6.7.4.2; ProxySG versiones 6.5 anteriores a 6.5.10.15, 6.6, y versiones 6.7 anteriores a 6.7.4.2."
}
],
"id": "CVE-2018-18371",
"lastModified": "2024-11-21T03:55:48.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-30T09:15:16.660",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-5241
Vulnerability from fkie_nvd - Published: 2018-05-29 13:29 - Updated: 2024-11-21 04:08
Severity ?
Summary
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles.
References
| URL | Tags | ||
|---|---|---|---|
| secure@symantec.com | http://www.securityfocus.com/bid/104282 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | http://www.securitytracker.com/id/1040993 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | https://www.symantec.com/security-center/network-protection-security-advisories/SA167 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104282 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040993 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.symantec.com/security-center/network-protection-security-advisories/SA167 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | advanced_secure_gateway | 6.6 | |
| broadcom | advanced_secure_gateway | 6.7 | |
| broadcom | symantec_proxysg | 6.5 | |
| broadcom | symantec_proxysg | 6.6 | |
| broadcom | symantec_proxysg | 6.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A541B285-4265-4AED-80FC-AE02C1372645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1055B8-A926-4831-A8EC-E1A2C9DFFFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C90E531A-A9AF-47F4-BDC5-E40AEE3CCFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "004F99F2-E750-4FC5-A2A6-65FD1C918676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "91A561A9-EA6E-461B-89FA-FA60F40C14B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles."
},
{
"lang": "es",
"value": "Symantec Advanced Secure Gateway (ASG) 6.6 y 6.7 y ProxySG 6.5, 6.6 y 6.7 son susceptibles a una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n SAML. Los productos pueden configurarse con un realm de autenticaci\u00f3n SAML para autenticar a usuarios de red en tr\u00e1fico de proxy interceptado. Al parsear respuestas SAML, ASG y ProxySG gestionan incorrectamente los nodos XML con comentarios. Un atacante remoto puede modificar una respuesta SAML v\u00e1lida sin invalidar su firma criptogr\u00e1fica. Esto podr\u00eda permitir que el atacante omita los controles de seguridad de autenticaci\u00f3n en ASG y ProxySG. Esta vulnerabilidad solo afecta a la autenticaci\u00f3n de usuarios de red en el tr\u00e1fico interceptado. No afecta a la autenticaci\u00f3n de usuario administrador en las consolas de gesti\u00f3n de ASG y ProxySG."
}
],
"id": "CVE-2018-5241",
"lastModified": "2024-11-21T04:08:24.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-29T13:29:00.617",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104282"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040993"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA167"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-10258
Vulnerability from fkie_nvd - Published: 2018-04-11 14:29 - Updated: 2024-11-21 02:43
Severity ?
Summary
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.
References
| URL | Tags | ||
|---|---|---|---|
| secure@symantec.com | http://www.securityfocus.com/bid/103685 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | http://www.securitytracker.com/id/1040757 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | https://www.symantec.com/security-center/network-protection-security-advisories/SA162 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103685 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040757 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.symantec.com/security-center/network-protection-security-advisories/SA162 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | advanced_secure_gateway | * | |
| broadcom | advanced_secure_gateway | * | |
| broadcom | symantec_proxysg | * | |
| broadcom | symantec_proxysg | * | |
| broadcom | symantec_proxysg | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF86C5BD-ABB2-4B5D-901D-42153FB2ED15",
"versionEndExcluding": "6.6.5.14",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A8D1880-B9D6-4AA2-B266-ACDFD0E046E9",
"versionEndExcluding": "6.7.3.1",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71233B55-5E11-42A3-AE39-EAD381E32607",
"versionEndExcluding": "6.5.10.8",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D262D81-F928-4847-87C8-D20849ABA94F",
"versionEndExcluding": "6.6.5.14",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EADC894C-8F9E-4BE1-9A1D-45A0B3AB4462",
"versionEndExcluding": "6.7.3.1",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code."
},
{
"lang": "es",
"value": "Vulnerabilidad de subida de archivos sin restricci\u00f3n en las consolas de gesti\u00f3n Symantec Advanced Secure Gateway (ASG) y ProxySG. Un administrador de aparatos malicioso puede subir archivos arbitrarios maliciosos a la consola de gesti\u00f3n y enga\u00f1ar a otro usuario administrador para que descargue y ejecute c\u00f3digo malicioso."
}
],
"id": "CVE-2016-10258",
"lastModified": "2024-11-21T02:43:40.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-11T14:29:00.250",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103685"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040757"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-13677
Vulnerability from fkie_nvd - Published: 2018-04-11 14:29 - Updated: 2024-11-21 03:11
Severity ?
Summary
Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes.
References
| URL | Tags | ||
|---|---|---|---|
| secure@symantec.com | http://www.securityfocus.com/bid/103685 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | http://www.securitytracker.com/id/1040757 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | https://www.symantec.com/security-center/network-protection-security-advisories/SA162 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103685 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040757 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.symantec.com/security-center/network-protection-security-advisories/SA162 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | advanced_secure_gateway | * | |
| broadcom | advanced_secure_gateway | * | |
| broadcom | symantec_proxysg | * | |
| broadcom | symantec_proxysg | * | |
| broadcom | symantec_proxysg | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF86C5BD-ABB2-4B5D-901D-42153FB2ED15",
"versionEndExcluding": "6.6.5.14",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A8D1880-B9D6-4AA2-B266-ACDFD0E046E9",
"versionEndExcluding": "6.7.3.1",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71233B55-5E11-42A3-AE39-EAD381E32607",
"versionEndExcluding": "6.5.10.8",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D262D81-F928-4847-87C8-D20849ABA94F",
"versionEndExcluding": "6.6.5.14",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EADC894C-8F9E-4BE1-9A1D-45A0B3AB4462",
"versionEndExcluding": "6.7.3.1",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes."
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio (DoS) en las consolas de gesti\u00f3n Symantec Advanced Secure Gateway (ASG) y ProxySG. Un atacante remoto puede emplear peticiones HTTP/HTTPS manipuladas para provocar el cierre inesperado de la aplicaci\u00f3n a trav\u00e9s de una denegaci\u00f3n de servicio (DoS) en la consola de gesti\u00f3n."
}
],
"id": "CVE-2017-13677",
"lastModified": "2024-11-21T03:11:24.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-11T14:29:00.313",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103685"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040757"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-13678
Vulnerability from fkie_nvd - Published: 2018-04-11 14:29 - Updated: 2024-11-21 03:11
Severity ?
Summary
Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application.
References
| URL | Tags | ||
|---|---|---|---|
| secure@symantec.com | http://www.securityfocus.com/bid/103685 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | http://www.securitytracker.com/id/1040757 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | https://www.symantec.com/security-center/network-protection-security-advisories/SA162 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103685 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040757 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.symantec.com/security-center/network-protection-security-advisories/SA162 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | advanced_secure_gateway | * | |
| broadcom | advanced_secure_gateway | * | |
| broadcom | advanced_secure_gateway | * | |
| broadcom | symantec_proxysg | * | |
| broadcom | symantec_proxysg | * | |
| broadcom | symantec_proxysg | * | |
| broadcom | symantec_proxysg | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF86C5BD-ABB2-4B5D-901D-42153FB2ED15",
"versionEndExcluding": "6.6.5.14",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D365F8C-3F0E-4596-9AE0-840E966E7E2C",
"versionEndExcluding": "6.7.3.7",
"versionStartIncluding": "6.7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD17841-CC52-427D-9B77-B3787276D1FE",
"versionEndExcluding": "6.7.4.107",
"versionStartIncluding": "6.7.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71233B55-5E11-42A3-AE39-EAD381E32607",
"versionEndExcluding": "6.5.10.8",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D262D81-F928-4847-87C8-D20849ABA94F",
"versionEndExcluding": "6.6.5.14",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A161CEF7-078D-400B-82FF-F4CCD5561F09",
"versionEndExcluding": "6.7.3.7",
"versionStartIncluding": "6.7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F473B1BD-A298-4809-AAB1-E7B520AA5222",
"versionEndExcluding": "6.7.4.107",
"versionStartIncluding": "6.7.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) persistente en las consolas de gesti\u00f3n Symantec Advanced Secure Gateway (ASG) y ProxySG. Un administrador de aparatos malicioso puede inyectar c\u00f3digo JavaScript arbitrario en la aplicaci\u00f3n cliente de la consola de gesti\u00f3n web."
}
],
"id": "CVE-2017-13678",
"lastModified": "2024-11-21T03:11:24.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-11T14:29:00.377",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103685"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040757"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-10257
Vulnerability from fkie_nvd - Published: 2018-01-10 02:29 - Updated: 2024-11-21 02:43
Severity ?
Summary
The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256.
References
| URL | Tags | ||
|---|---|---|---|
| secure@symantec.com | http://www.securityfocus.com/bid/102447 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | http://www.securitytracker.com/id/1040138 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | https://www.symantec.com/security-center/network-protection-security-advisories/SA155 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102447 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040138 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.symantec.com/security-center/network-protection-security-advisories/SA155 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | advanced_secure_gateway | * | |
| broadcom | advanced_secure_gateway | 6.6 | |
| broadcom | symantec_proxysg | * | |
| broadcom | symantec_proxysg | * | |
| broadcom | symantec_proxysg | 6.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08D3C0DC-195F-4035-805E-CDF610BC782E",
"versionEndExcluding": "6.7.2.1",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A541B285-4265-4AED-80FC-AE02C1372645",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB38BF8-32F4-45F5-8681-60BE4A209EF7",
"versionEndExcluding": "6.5.10.6",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D80D6174-972A-4E47-ABAA-1B53D03221E7",
"versionEndExcluding": "6.7.2.1",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "004F99F2-E750-4FC5-A2A6-65FD1C918676",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256."
},
{
"lang": "es",
"value": "La consola de gesti\u00f3n de Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (en versiones anteriores a la 6.7.2.1), ProxySG 6.5 (en versiones anteriores a la 6.5.10.6), ProxySG 6.6 and ProxySG 6.7 (en versiones anteriores a la 6.7.2.1) es susceptible de contener una vulnerabilidad de XSS reflejado. Un atacante remoto puede emplear una URL de la consola de gesti\u00f3n manipulada en un ataque de phishing para inyectar c\u00f3digo JavaScript arbitrario en la aplicaci\u00f3n del cliente web de la consola de gesti\u00f3n. Esta vulnerabilidad es diferente de CVE-2016-10256."
}
],
"id": "CVE-2016-10257",
"lastModified": "2024-11-21T02:43:40.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-10T02:29:31.880",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102447"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040138"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-10256
Vulnerability from fkie_nvd - Published: 2018-01-10 02:29 - Updated: 2024-11-21 02:43
Severity ?
Summary
The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257.
References
| URL | Tags | ||
|---|---|---|---|
| secure@symantec.com | http://www.securityfocus.com/bid/102451 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | http://www.securitytracker.com/id/1040138 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | https://www.symantec.com/security-center/network-protection-security-advisories/SA155 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102451 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040138 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.symantec.com/security-center/network-protection-security-advisories/SA155 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | symantec_proxysg | * | |
| broadcom | symantec_proxysg | * | |
| broadcom | symantec_proxysg | 6.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB38BF8-32F4-45F5-8681-60BE4A209EF7",
"versionEndExcluding": "6.5.10.6",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D80D6174-972A-4E47-ABAA-1B53D03221E7",
"versionEndExcluding": "6.7.2.1",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "004F99F2-E750-4FC5-A2A6-65FD1C918676",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257."
},
{
"lang": "es",
"value": "La consola de gesti\u00f3n de Symantec ProxySG 6.5 (en versiones anteriores a la 6.5.10.6), 6.6 y 6.7 (en versiones anteriores a la 6.7.2.1) es susceptible de contener una vulnerabilidad de XSS reflejado. Un atacante remoto puede emplear una URL de la consola de gesti\u00f3n manipulada en un ataque de phishing para inyectar c\u00f3digo JavaScript arbitrario en la aplicaci\u00f3n del cliente web de la consola de gesti\u00f3n. Esta vulnerabilidad es diferente de CVE-2016-10257."
}
],
"id": "CVE-2016-10256",
"lastModified": "2024-11-21T02:43:40.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-10T02:29:31.833",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102451"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040138"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-30648 (GCVE-0-2021-30648)
Vulnerability from cvelistv5 – Published: 2021-06-30 10:40 – Updated: 2024-08-03 22:40
VLAI?
Summary
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance.
Severity ?
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Advanced Secure Gateway (ASG) and ProxySG |
Affected:
ASG 6.6, ASG 6.7 prior to 6.7.4.17 or 6.7.5.12, ASG 7.2 prior to 7.2.7.2, ASG 7.3 prior to 7.3.3.3, ProxySG 6.5 prior to 6.5.10.16, ProxySG 6.6 prior to 6.6.5.19, ProxySG 6.7 prior to 6.7.3.15, 6.7.4.17, or 6.7.5.12, ProxySG 7.2 prior 7.2.7.2, ProxySG 7.3 prior to 7.3.3.3.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:40:31.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advanced Secure Gateway (ASG) and ProxySG",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ASG 6.6, ASG 6.7 prior to 6.7.4.17 or 6.7.5.12, ASG 7.2 prior to 7.2.7.2, ASG 7.3 prior to 7.3.3.3, ProxySG 6.5 prior to 6.5.10.16, ProxySG 6.6 prior to 6.6.5.19, ProxySG 6.7 prior to 6.7.3.15, 6.7.4.17, or 6.7.5.12, ProxySG 7.2 prior 7.2.7.2, ProxySG 7.3 prior to 7.3.3.3."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-30T10:40:39",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2021-30648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advanced Secure Gateway (ASG) and ProxySG",
"version": {
"version_data": [
{
"version_value": "ASG 6.6, ASG 6.7 prior to 6.7.4.17 or 6.7.5.12, ASG 7.2 prior to 7.2.7.2, ASG 7.3 prior to 7.3.3.3, ProxySG 6.5 prior to 6.5.10.16, ProxySG 6.6 prior to 6.6.5.19, ProxySG 6.7 prior to 6.7.3.15, 6.7.4.17, or 6.7.5.12, ProxySG 7.2 prior 7.2.7.2, ProxySG 7.3 prior to 7.3.3.3."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331",
"refsource": "MISC",
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2021-30648",
"datePublished": "2021-06-30T10:40:39",
"dateReserved": "2021-04-13T00:00:00",
"dateUpdated": "2024-08-03T22:40:31.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18375 (GCVE-0-2019-18375)
Vulnerability from cvelistv5 – Published: 2020-04-09 23:16 – Updated: 2024-08-05 01:54
VLAI?
Summary
The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console.
Severity ?
No CVSS data available.
CWE
- Session hijacking
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Symantec Advanced Secure Gateway (ASG) and ProxySG |
Affected:
ASG 6.7.4 prior to 6.7.4.10, ASG 7.x prior to 7.2.0.1, ProxySG 6.7.4 prior to 6.7.4.10, ProxySG 7.x prior to 7.2.0.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Advanced Secure Gateway (ASG) and ProxySG",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ASG 6.7.4 prior to 6.7.4.10, ASG 7.x prior to 7.2.0.1, ProxySG 6.7.4 prior to 6.7.4.10, ProxySG 7.x prior to 7.2.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Session hijacking",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-09T23:16:17",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1752"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-18375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Advanced Secure Gateway (ASG) and ProxySG",
"version": {
"version_data": [
{
"version_value": "ASG 6.7.4 prior to 6.7.4.10, ASG 7.x prior to 7.2.0.1, ProxySG 6.7.4 prior to 6.7.4.10, ProxySG 7.x prior to 7.2.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session hijacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1752",
"refsource": "MISC",
"url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1752"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-18375",
"datePublished": "2020-04-09T23:16:17",
"dateReserved": "2019-10-23T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18371 (GCVE-0-2018-18371)
Vulnerability from cvelistv5 – Published: 2019-08-29 22:14 – Updated: 2024-08-05 11:08
VLAI?
Summary
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
Severity ?
No CVSS data available.
CWE
- Information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Symantec Corporation | Symantec Advanced Secure Gateway (ASG) |
Affected:
6.6 and 6.7 prior to 6.7.4.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Advanced Secure Gateway (ASG)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6 and 6.7 prior to 6.7.4.2"
}
]
},
{
"product": "Symantec ProxySG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.5 prior to 6.5.10.15"
},
{
"status": "affected",
"version": "6.6"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG\u0027s web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T22:14:58",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2018-18371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Advanced Secure Gateway (ASG)",
"version": {
"version_data": [
{
"version_value": "6.6 and 6.7 prior to 6.7.4.2"
}
]
}
},
{
"product_name": "Symantec ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5.10.15"
},
{
"version_value": "6.6"
},
{
"version_value": "6.7 prior to 6.7.4.2"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG\u0027s web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1472.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-18371",
"datePublished": "2019-08-29T22:14:58",
"dateReserved": "2018-10-15T00:00:00",
"dateUpdated": "2024-08-05T11:08:21.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18370 (GCVE-0-2018-18370)
Vulnerability from cvelistv5 – Published: 2019-08-29 22:13 – Updated: 2024-08-05 11:08
VLAI?
Summary
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
Severity ?
No CVSS data available.
CWE
- Cross-site-scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Symantec Corporation | Symantec Advanced Secure Gateway (ASG) |
Affected:
6.6 and 6.7 prior to 6.7.4.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Advanced Secure Gateway (ASG)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6 and 6.7 prior to 6.7.4.2"
}
]
},
{
"product": "Symantec ProxySG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.5 prior to 6.5.10.15"
},
{
"status": "affected",
"version": "6.6"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG\u0027s web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site-scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T22:13:35",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2018-18370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Advanced Secure Gateway (ASG)",
"version": {
"version_data": [
{
"version_value": "6.6 and 6.7 prior to 6.7.4.2"
}
]
}
},
{
"product_name": "Symantec ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5.10.15"
},
{
"version_value": "6.6"
},
{
"version_value": "6.7 prior to 6.7.4.2"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG\u0027s web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site-scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1472.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-18370",
"datePublished": "2019-08-29T22:13:35",
"dateReserved": "2018-10-15T00:00:00",
"dateUpdated": "2024-08-05T11:08:21.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5241 (GCVE-0-2018-5241)
Vulnerability from cvelistv5 – Published: 2018-05-29 13:00 – Updated: 2024-09-17 03:28
VLAI?
Summary
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles.
Severity ?
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Symantec Corporation | Advanced Secure Gateway (ASG) |
Affected:
6.6
Affected: 6.7 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:42.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA167"
},
{
"name": "1040993",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040993"
},
{
"name": "104282",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advanced Secure Gateway (ASG)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"status": "affected",
"version": "6.7"
}
]
},
{
"product": "ProxySG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"status": "affected",
"version": "6.6"
},
{
"status": "affected",
"version": "6.7"
}
]
}
],
"datePublic": "2018-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-30T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA167"
},
{
"name": "1040993",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040993"
},
{
"name": "104282",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-05-25T00:00:00",
"ID": "CVE-2018-5241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advanced Secure Gateway (ASG)",
"version": {
"version_data": [
{
"version_value": "6.6"
},
{
"version_value": "6.7"
}
]
}
},
{
"product_name": "ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5"
},
{
"version_value": "6.6"
},
{
"version_value": "6.7"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA167",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA167"
},
{
"name": "1040993",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040993"
},
{
"name": "104282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-5241",
"datePublished": "2018-05-29T13:00:00Z",
"dateReserved": "2018-01-05T00:00:00",
"dateUpdated": "2024-09-17T03:28:24.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13678 (GCVE-0-2017-13678)
Vulnerability from cvelistv5 – Published: 2018-04-11 14:00 – Updated: 2024-09-16 23:40
VLAI?
Summary
Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application.
Severity ?
No CVSS data available.
CWE
- Stored XSS
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Symantec Corporation | Advanced Secure Gateway (ASG) |
Affected:
6.6 prior to 6.6.5.14
Affected: 6.7 prior to 6.7.4.107 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:19.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
},
{
"name": "103685",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103685"
},
{
"name": "1040757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advanced Secure Gateway (ASG)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6 prior to 6.6.5.14"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.4.107"
}
]
},
{
"product": "ProxySG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.5 prior to 6.5.10.8"
},
{
"status": "affected",
"version": "6.6 prior to 6.6.5.14"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.4.107"
}
]
}
],
"datePublic": "2018-04-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-03T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
},
{
"name": "103685",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103685"
},
{
"name": "1040757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040757"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-04-10T00:00:00",
"ID": "CVE-2017-13678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advanced Secure Gateway (ASG)",
"version": {
"version_data": [
{
"version_value": "6.6 prior to 6.6.5.14"
},
{
"version_value": "6.7 prior to 6.7.4.107"
}
]
}
},
{
"product_name": "ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5.10.8"
},
{
"version_value": "6.6 prior to 6.6.5.14"
},
{
"version_value": "6.7 prior to 6.7.4.107"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
},
{
"name": "103685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103685"
},
{
"name": "1040757",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040757"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2017-13678",
"datePublished": "2018-04-11T14:00:00Z",
"dateReserved": "2017-08-24T00:00:00",
"dateUpdated": "2024-09-16T23:40:33.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10258 (GCVE-0-2016-10258)
Vulnerability from cvelistv5 – Published: 2018-04-11 14:00 – Updated: 2024-09-17 02:37
VLAI?
Summary
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.
Severity ?
No CVSS data available.
CWE
- Unrestricted file upload
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Symantec Corporation | Advanced Secure Gateway (ASG) |
Affected:
6.6 prior to 6.6.5.14
Affected: 6.7 prior to 6.7.3.1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:42.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
},
{
"name": "103685",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103685"
},
{
"name": "1040757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advanced Secure Gateway (ASG)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6 prior to 6.6.5.14"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.3.1"
}
]
},
{
"product": "ProxySG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.5 prior to 6.5.10.8"
},
{
"status": "affected",
"version": "6.6 prior to 6.6.5.14"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.3.1"
}
]
}
],
"datePublic": "2018-04-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unrestricted file upload",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-03T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
},
{
"name": "103685",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103685"
},
{
"name": "1040757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040757"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-04-10T00:00:00",
"ID": "CVE-2016-10258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advanced Secure Gateway (ASG)",
"version": {
"version_data": [
{
"version_value": "6.6 prior to 6.6.5.14"
},
{
"version_value": "6.7 prior to 6.7.3.1"
}
]
}
},
{
"product_name": "ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5.10.8"
},
{
"version_value": "6.6 prior to 6.6.5.14"
},
{
"version_value": "6.7 prior to 6.7.3.1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted file upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
},
{
"name": "103685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103685"
},
{
"name": "1040757",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040757"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-10258",
"datePublished": "2018-04-11T14:00:00Z",
"dateReserved": "2017-03-23T00:00:00",
"dateUpdated": "2024-09-17T02:37:23.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13677 (GCVE-0-2017-13677)
Vulnerability from cvelistv5 – Published: 2018-04-11 14:00 – Updated: 2024-09-17 02:16
VLAI?
Summary
Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes.
Severity ?
No CVSS data available.
CWE
- Denial of service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Symantec Corporation | Advanced Secure Gateway (ASG) |
Affected:
6.6 prior to 6.6.5.14
Affected: 6.7 prior to 6.7.3.1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:18.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
},
{
"name": "103685",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103685"
},
{
"name": "1040757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advanced Secure Gateway (ASG)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6 prior to 6.6.5.14"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.3.1"
}
]
},
{
"product": "ProxySG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.5 prior to 6.5.10.8"
},
{
"status": "affected",
"version": "6.6 prior to 6.6.5.14"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.3.1"
}
]
}
],
"datePublic": "2018-04-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-03T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
},
{
"name": "103685",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103685"
},
{
"name": "1040757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040757"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-04-10T00:00:00",
"ID": "CVE-2017-13677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advanced Secure Gateway (ASG)",
"version": {
"version_data": [
{
"version_value": "6.6 prior to 6.6.5.14"
},
{
"version_value": "6.7 prior to 6.7.3.1"
}
]
}
},
{
"product_name": "ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5.10.8"
},
{
"version_value": "6.6 prior to 6.6.5.14"
},
{
"version_value": "6.7 prior to 6.7.3.1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
},
{
"name": "103685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103685"
},
{
"name": "1040757",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040757"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2017-13677",
"datePublished": "2018-04-11T14:00:00Z",
"dateReserved": "2017-08-24T00:00:00",
"dateUpdated": "2024-09-17T02:16:31.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10256 (GCVE-0-2016-10256)
Vulnerability from cvelistv5 – Published: 2018-01-10 02:00 – Updated: 2024-09-17 00:06
VLAI?
Summary
The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257.
Severity ?
No CVSS data available.
CWE
- Reflected XSS
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | ProxySG |
Affected:
6.5 prior to 6.5.10.6
Affected: 6.6 Affected: 6.7 prior to 6.7.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:42.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040138",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040138"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
},
{
"name": "102451",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102451"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ProxySG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.5 prior to 6.5.10.6"
},
{
"status": "affected",
"version": "6.6"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.2.1"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1040138",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040138"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
},
{
"name": "102451",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102451"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2016-10256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5.10.6"
},
{
"version_value": "6.6"
},
{
"version_value": "6.7 prior to 6.7.2.1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040138"
},
{
"name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
},
{
"name": "102451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102451"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-10256",
"datePublished": "2018-01-10T02:00:00Z",
"dateReserved": "2017-03-23T00:00:00",
"dateUpdated": "2024-09-17T00:06:18.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10257 (GCVE-0-2016-10257)
Vulnerability from cvelistv5 – Published: 2018-01-10 02:00 – Updated: 2024-09-16 18:39
VLAI?
Summary
The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256.
Severity ?
No CVSS data available.
CWE
- Reflected XSS
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Symantec Corporation | ASG |
Affected:
6.6
Affected: 6.7 prior to 6.7.2.1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:42.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040138",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040138"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
},
{
"name": "102447",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102447"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ASG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.2.1"
}
]
},
{
"product": "ProxySG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.5 prior to 6.5.10.6"
},
{
"status": "affected",
"version": "6.6"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.2.1"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1040138",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040138"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
},
{
"name": "102447",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102447"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2016-10257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASG",
"version": {
"version_data": [
{
"version_value": "6.6"
},
{
"version_value": "6.7 prior to 6.7.2.1"
}
]
}
},
{
"product_name": "ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5.10.6"
},
{
"version_value": "6.6"
},
{
"version_value": "6.7 prior to 6.7.2.1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040138"
},
{
"name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
},
{
"name": "102447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102447"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-10257",
"datePublished": "2018-01-10T02:00:00Z",
"dateReserved": "2017-03-23T00:00:00",
"dateUpdated": "2024-09-16T18:39:51.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30648 (GCVE-0-2021-30648)
Vulnerability from nvd – Published: 2021-06-30 10:40 – Updated: 2024-08-03 22:40
VLAI?
Summary
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance.
Severity ?
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Advanced Secure Gateway (ASG) and ProxySG |
Affected:
ASG 6.6, ASG 6.7 prior to 6.7.4.17 or 6.7.5.12, ASG 7.2 prior to 7.2.7.2, ASG 7.3 prior to 7.3.3.3, ProxySG 6.5 prior to 6.5.10.16, ProxySG 6.6 prior to 6.6.5.19, ProxySG 6.7 prior to 6.7.3.15, 6.7.4.17, or 6.7.5.12, ProxySG 7.2 prior 7.2.7.2, ProxySG 7.3 prior to 7.3.3.3.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:40:31.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advanced Secure Gateway (ASG) and ProxySG",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ASG 6.6, ASG 6.7 prior to 6.7.4.17 or 6.7.5.12, ASG 7.2 prior to 7.2.7.2, ASG 7.3 prior to 7.3.3.3, ProxySG 6.5 prior to 6.5.10.16, ProxySG 6.6 prior to 6.6.5.19, ProxySG 6.7 prior to 6.7.3.15, 6.7.4.17, or 6.7.5.12, ProxySG 7.2 prior 7.2.7.2, ProxySG 7.3 prior to 7.3.3.3."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-30T10:40:39",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2021-30648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advanced Secure Gateway (ASG) and ProxySG",
"version": {
"version_data": [
{
"version_value": "ASG 6.6, ASG 6.7 prior to 6.7.4.17 or 6.7.5.12, ASG 7.2 prior to 7.2.7.2, ASG 7.3 prior to 7.3.3.3, ProxySG 6.5 prior to 6.5.10.16, ProxySG 6.6 prior to 6.6.5.19, ProxySG 6.7 prior to 6.7.3.15, 6.7.4.17, or 6.7.5.12, ProxySG 7.2 prior 7.2.7.2, ProxySG 7.3 prior to 7.3.3.3."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331",
"refsource": "MISC",
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2021-30648",
"datePublished": "2021-06-30T10:40:39",
"dateReserved": "2021-04-13T00:00:00",
"dateUpdated": "2024-08-03T22:40:31.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18375 (GCVE-0-2019-18375)
Vulnerability from nvd – Published: 2020-04-09 23:16 – Updated: 2024-08-05 01:54
VLAI?
Summary
The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console.
Severity ?
No CVSS data available.
CWE
- Session hijacking
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Symantec Advanced Secure Gateway (ASG) and ProxySG |
Affected:
ASG 6.7.4 prior to 6.7.4.10, ASG 7.x prior to 7.2.0.1, ProxySG 6.7.4 prior to 6.7.4.10, ProxySG 7.x prior to 7.2.0.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Advanced Secure Gateway (ASG) and ProxySG",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ASG 6.7.4 prior to 6.7.4.10, ASG 7.x prior to 7.2.0.1, ProxySG 6.7.4 prior to 6.7.4.10, ProxySG 7.x prior to 7.2.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Session hijacking",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-09T23:16:17",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1752"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-18375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Advanced Secure Gateway (ASG) and ProxySG",
"version": {
"version_data": [
{
"version_value": "ASG 6.7.4 prior to 6.7.4.10, ASG 7.x prior to 7.2.0.1, ProxySG 6.7.4 prior to 6.7.4.10, ProxySG 7.x prior to 7.2.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session hijacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1752",
"refsource": "MISC",
"url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1752"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-18375",
"datePublished": "2020-04-09T23:16:17",
"dateReserved": "2019-10-23T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18371 (GCVE-0-2018-18371)
Vulnerability from nvd – Published: 2019-08-29 22:14 – Updated: 2024-08-05 11:08
VLAI?
Summary
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
Severity ?
No CVSS data available.
CWE
- Information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Symantec Corporation | Symantec Advanced Secure Gateway (ASG) |
Affected:
6.6 and 6.7 prior to 6.7.4.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Advanced Secure Gateway (ASG)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6 and 6.7 prior to 6.7.4.2"
}
]
},
{
"product": "Symantec ProxySG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.5 prior to 6.5.10.15"
},
{
"status": "affected",
"version": "6.6"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG\u0027s web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T22:14:58",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2018-18371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Advanced Secure Gateway (ASG)",
"version": {
"version_data": [
{
"version_value": "6.6 and 6.7 prior to 6.7.4.2"
}
]
}
},
{
"product_name": "Symantec ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5.10.15"
},
{
"version_value": "6.6"
},
{
"version_value": "6.7 prior to 6.7.4.2"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG\u0027s web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1472.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-18371",
"datePublished": "2019-08-29T22:14:58",
"dateReserved": "2018-10-15T00:00:00",
"dateUpdated": "2024-08-05T11:08:21.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18370 (GCVE-0-2018-18370)
Vulnerability from nvd – Published: 2019-08-29 22:13 – Updated: 2024-08-05 11:08
VLAI?
Summary
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
Severity ?
No CVSS data available.
CWE
- Cross-site-scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Symantec Corporation | Symantec Advanced Secure Gateway (ASG) |
Affected:
6.6 and 6.7 prior to 6.7.4.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Advanced Secure Gateway (ASG)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6 and 6.7 prior to 6.7.4.2"
}
]
},
{
"product": "Symantec ProxySG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.5 prior to 6.5.10.15"
},
{
"status": "affected",
"version": "6.6"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG\u0027s web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site-scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T22:13:35",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2018-18370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Advanced Secure Gateway (ASG)",
"version": {
"version_data": [
{
"version_value": "6.6 and 6.7 prior to 6.7.4.2"
}
]
}
},
{
"product_name": "Symantec ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5.10.15"
},
{
"version_value": "6.6"
},
{
"version_value": "6.7 prior to 6.7.4.2"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG\u0027s web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site-scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1472.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-18370",
"datePublished": "2019-08-29T22:13:35",
"dateReserved": "2018-10-15T00:00:00",
"dateUpdated": "2024-08-05T11:08:21.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5241 (GCVE-0-2018-5241)
Vulnerability from nvd – Published: 2018-05-29 13:00 – Updated: 2024-09-17 03:28
VLAI?
Summary
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles.
Severity ?
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Symantec Corporation | Advanced Secure Gateway (ASG) |
Affected:
6.6
Affected: 6.7 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:42.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA167"
},
{
"name": "1040993",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040993"
},
{
"name": "104282",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advanced Secure Gateway (ASG)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"status": "affected",
"version": "6.7"
}
]
},
{
"product": "ProxySG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"status": "affected",
"version": "6.6"
},
{
"status": "affected",
"version": "6.7"
}
]
}
],
"datePublic": "2018-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-30T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA167"
},
{
"name": "1040993",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040993"
},
{
"name": "104282",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-05-25T00:00:00",
"ID": "CVE-2018-5241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advanced Secure Gateway (ASG)",
"version": {
"version_data": [
{
"version_value": "6.6"
},
{
"version_value": "6.7"
}
]
}
},
{
"product_name": "ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5"
},
{
"version_value": "6.6"
},
{
"version_value": "6.7"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA167",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA167"
},
{
"name": "1040993",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040993"
},
{
"name": "104282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-5241",
"datePublished": "2018-05-29T13:00:00Z",
"dateReserved": "2018-01-05T00:00:00",
"dateUpdated": "2024-09-17T03:28:24.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13678 (GCVE-0-2017-13678)
Vulnerability from nvd – Published: 2018-04-11 14:00 – Updated: 2024-09-16 23:40
VLAI?
Summary
Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application.
Severity ?
No CVSS data available.
CWE
- Stored XSS
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Symantec Corporation | Advanced Secure Gateway (ASG) |
Affected:
6.6 prior to 6.6.5.14
Affected: 6.7 prior to 6.7.4.107 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:19.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
},
{
"name": "103685",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103685"
},
{
"name": "1040757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advanced Secure Gateway (ASG)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6 prior to 6.6.5.14"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.4.107"
}
]
},
{
"product": "ProxySG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.5 prior to 6.5.10.8"
},
{
"status": "affected",
"version": "6.6 prior to 6.6.5.14"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.4.107"
}
]
}
],
"datePublic": "2018-04-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-03T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
},
{
"name": "103685",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103685"
},
{
"name": "1040757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040757"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-04-10T00:00:00",
"ID": "CVE-2017-13678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advanced Secure Gateway (ASG)",
"version": {
"version_data": [
{
"version_value": "6.6 prior to 6.6.5.14"
},
{
"version_value": "6.7 prior to 6.7.4.107"
}
]
}
},
{
"product_name": "ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5.10.8"
},
{
"version_value": "6.6 prior to 6.6.5.14"
},
{
"version_value": "6.7 prior to 6.7.4.107"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
},
{
"name": "103685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103685"
},
{
"name": "1040757",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040757"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2017-13678",
"datePublished": "2018-04-11T14:00:00Z",
"dateReserved": "2017-08-24T00:00:00",
"dateUpdated": "2024-09-16T23:40:33.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10258 (GCVE-0-2016-10258)
Vulnerability from nvd – Published: 2018-04-11 14:00 – Updated: 2024-09-17 02:37
VLAI?
Summary
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.
Severity ?
No CVSS data available.
CWE
- Unrestricted file upload
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Symantec Corporation | Advanced Secure Gateway (ASG) |
Affected:
6.6 prior to 6.6.5.14
Affected: 6.7 prior to 6.7.3.1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:42.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
},
{
"name": "103685",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103685"
},
{
"name": "1040757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advanced Secure Gateway (ASG)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6 prior to 6.6.5.14"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.3.1"
}
]
},
{
"product": "ProxySG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.5 prior to 6.5.10.8"
},
{
"status": "affected",
"version": "6.6 prior to 6.6.5.14"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.3.1"
}
]
}
],
"datePublic": "2018-04-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unrestricted file upload",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-03T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
},
{
"name": "103685",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103685"
},
{
"name": "1040757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040757"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-04-10T00:00:00",
"ID": "CVE-2016-10258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advanced Secure Gateway (ASG)",
"version": {
"version_data": [
{
"version_value": "6.6 prior to 6.6.5.14"
},
{
"version_value": "6.7 prior to 6.7.3.1"
}
]
}
},
{
"product_name": "ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5.10.8"
},
{
"version_value": "6.6 prior to 6.6.5.14"
},
{
"version_value": "6.7 prior to 6.7.3.1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted file upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
},
{
"name": "103685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103685"
},
{
"name": "1040757",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040757"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-10258",
"datePublished": "2018-04-11T14:00:00Z",
"dateReserved": "2017-03-23T00:00:00",
"dateUpdated": "2024-09-17T02:37:23.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13677 (GCVE-0-2017-13677)
Vulnerability from nvd – Published: 2018-04-11 14:00 – Updated: 2024-09-17 02:16
VLAI?
Summary
Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes.
Severity ?
No CVSS data available.
CWE
- Denial of service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Symantec Corporation | Advanced Secure Gateway (ASG) |
Affected:
6.6 prior to 6.6.5.14
Affected: 6.7 prior to 6.7.3.1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:18.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
},
{
"name": "103685",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103685"
},
{
"name": "1040757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advanced Secure Gateway (ASG)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6 prior to 6.6.5.14"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.3.1"
}
]
},
{
"product": "ProxySG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.5 prior to 6.5.10.8"
},
{
"status": "affected",
"version": "6.6 prior to 6.6.5.14"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.3.1"
}
]
}
],
"datePublic": "2018-04-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-03T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
},
{
"name": "103685",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103685"
},
{
"name": "1040757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040757"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-04-10T00:00:00",
"ID": "CVE-2017-13677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advanced Secure Gateway (ASG)",
"version": {
"version_data": [
{
"version_value": "6.6 prior to 6.6.5.14"
},
{
"version_value": "6.7 prior to 6.7.3.1"
}
]
}
},
{
"product_name": "ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5.10.8"
},
{
"version_value": "6.6 prior to 6.6.5.14"
},
{
"version_value": "6.7 prior to 6.7.3.1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
},
{
"name": "103685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103685"
},
{
"name": "1040757",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040757"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2017-13677",
"datePublished": "2018-04-11T14:00:00Z",
"dateReserved": "2017-08-24T00:00:00",
"dateUpdated": "2024-09-17T02:16:31.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10256 (GCVE-0-2016-10256)
Vulnerability from nvd – Published: 2018-01-10 02:00 – Updated: 2024-09-17 00:06
VLAI?
Summary
The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257.
Severity ?
No CVSS data available.
CWE
- Reflected XSS
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | ProxySG |
Affected:
6.5 prior to 6.5.10.6
Affected: 6.6 Affected: 6.7 prior to 6.7.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:42.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040138",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040138"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
},
{
"name": "102451",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102451"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ProxySG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.5 prior to 6.5.10.6"
},
{
"status": "affected",
"version": "6.6"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.2.1"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1040138",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040138"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
},
{
"name": "102451",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102451"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2016-10256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5.10.6"
},
{
"version_value": "6.6"
},
{
"version_value": "6.7 prior to 6.7.2.1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040138"
},
{
"name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
},
{
"name": "102451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102451"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-10256",
"datePublished": "2018-01-10T02:00:00Z",
"dateReserved": "2017-03-23T00:00:00",
"dateUpdated": "2024-09-17T00:06:18.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10257 (GCVE-0-2016-10257)
Vulnerability from nvd – Published: 2018-01-10 02:00 – Updated: 2024-09-16 18:39
VLAI?
Summary
The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256.
Severity ?
No CVSS data available.
CWE
- Reflected XSS
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Symantec Corporation | ASG |
Affected:
6.6
Affected: 6.7 prior to 6.7.2.1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:42.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040138",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040138"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
},
{
"name": "102447",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102447"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ASG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.2.1"
}
]
},
{
"product": "ProxySG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.5 prior to 6.5.10.6"
},
{
"status": "affected",
"version": "6.6"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.2.1"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1040138",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040138"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
},
{
"name": "102447",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102447"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2016-10257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASG",
"version": {
"version_data": [
{
"version_value": "6.6"
},
{
"version_value": "6.7 prior to 6.7.2.1"
}
]
}
},
{
"product_name": "ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5.10.6"
},
{
"version_value": "6.6"
},
{
"version_value": "6.7 prior to 6.7.2.1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040138"
},
{
"name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
},
{
"name": "102447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102447"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-10257",
"datePublished": "2018-01-10T02:00:00Z",
"dateReserved": "2017-03-23T00:00:00",
"dateUpdated": "2024-09-16T18:39:51.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}