SQL Injection Vulnerabilities in Symantec Web Gateway Management Console
CVE-2013-1617

Currently unrated

Key Information:

Vendor: Symantec
Status: Web Gateway; Web Gateway Appliance 8450; Web Gateway Appliance 8490
Vendor: CVE Published:; 1 August 2013

Summary

Multiple SQL injection vulnerabilities have been identified in the management console of Symantec Web Gateway prior to version 5.1.1. These vulnerabilities enable remote authenticated administrators to execute arbitrary SQL commands, potentially compromising the integrity and confidentiality of data. Attackers may exploit unspecified vectors within the management console, leading to unauthorized actions and control over the system.

References

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

https://www.sec-consult.com/fxdata/seccons/prod/temedia/a...

x_refsource_MISC

http://www.securityfocus.com/bid/61101

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Aug 1, 2013
Vulnerability Reserved
Feb 4, 2013