Open Redirection Vulnerability in Symantec Proxy and ASG Products
CVE-2016-9099

6.1MEDIUM

Key Information:

Vendor: Symantec Corporation
Status: Asg; Proxysg
Vendor: CVE Published:; 11 May 2017

What is CVE-2016-9099?

Symantec Advanced Secure Gateway and ProxySG products are vulnerable to an open redirection flaw, allowing attackers to exploit crafted URLs in the management console. This vulnerability could lead to phishing attacks, redirecting users to potentially harmful websites without their consent. It is critical for users of affected versions to apply patches and follow security best practices to mitigate the risk posed by this vulnerability.

Affected Version(s)

ASG 6.6

ASG 6.7 prior to 6.7.2.1

ProxySG 6.5 prior to 6.5.10.6

References

http://www.securityfocus.com/bid/102455

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1040138

vdb-entryx_refsource_SECTRACK

https://www.symantec.com/security-center/network-protecti...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 11, 2017
Vulnerability Reserved
Oct 28, 2016

Symantec Corporation

What is CVE-2016-9099?

Affected Version(s)

References

CVSS V3.1

Timeline