SQL Injection Vulnerabilities in Symantec Web Gateway Management Console
CVE-2015-6548

Currently unrated

Key Information:

Vendor: Symantec
Status: Web Gateway
Vendor: CVE Published:; 20 September 2015

Summary

Multiple SQL injection vulnerabilities exist in the management console of Symantec Web Gateway appliances. These vulnerabilities allow remote authenticated users to execute arbitrary SQL commands, potentially compromising the integrity of the database. The affected versions include those prior to 5.2.2 DB 5.0.0.1277, enabling unauthorized access to sensitive information and manipulation of the backend database through unspecified vectors. It is crucial for users to update their appliances to mitigate these vulnerabilities.

References

http://www.securitytracker.com/id/1033625

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/76729

vdb-entryx_refsource_BID

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

Timeline

Vulnerability published
Sep 20, 2015
Vulnerability Reserved
Aug 21, 2015