CVE-2017-13678

4.8MEDIUM

Key Information:

Vendor: Symantec Corporation
Status: Advanced Secure Gateway (asg); Proxysg
Vendor: CVE Published:; 11 April 2018

Summary

Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application.

Affected Version(s)

Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.14

Advanced Secure Gateway (ASG) 6.7 prior to 6.7.4.107

ProxySG 6.5 prior to 6.5.10.8

References

https://www.symantec.com/security-center/network-protecti...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/103685

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1040757

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 11, 2018
Vulnerability Reserved
Aug 24, 2017