Remote Password Manipulation Vulnerability in Symantec Web Gateway
CVE-2012-2977

Currently unrated

Key Information:

Vendor: Symantec
Status: Web Gateway
Vendor: CVE Published:; 23 July 2012

Summary

The management console in Symantec Web Gateway versions prior to 5.0.3.18 is susceptible to a vulnerability that allows remote attackers to modify user passwords through specially crafted input sent to an application script. This weakness can be exploited to gain unauthorized access and control over the affected system, potentially leading to further security breaches.

References

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://www.kb.cert.org/vuls/id/108471

third-party-advisoryx_refsource_CERT-VN

http://www.securityfocus.com/bid/54430

vdb-entryx_refsource_BID

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 23, 2012
Vulnerability Reserved
May 30, 2012