Cross-Site Request Forgery Vulnerability in Symantec Web Gateway Management Console
CVE-2013-4671

Currently unrated

Key Information:

Vendor: Symantec
Status: Web Gateway; Web Gateway Appliance 8450; Web Gateway Appliance 8490
Vendor: CVE Published:; 1 August 2013

Summary

A CSRF vulnerability exists in the management console of the Symantec Web Gateway appliance prior to version 5.1.1. This flaw potentially enables remote authenticated users to exploit the session management of the appliance, allowing them to execute unauthorized actions on behalf of unsuspecting victims through various unknown vectors. Successful exploitation of this vulnerability can lead to session hijacking, posing serious security risks to users and systems relying on the Symantec Web Gateway.

References

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

https://www.sec-consult.com/fxdata/seccons/prod/temedia/a...

x_refsource_MISC

http://packetstormsecurity.com/files/122556/Symantec-Web-...

x_refsource_MISC

Timeline

Vulnerability published
Aug 1, 2013
Vulnerability Reserved
Jun 24, 2013