Stored XSS Vulnerability in Symantec Advanced Secure Gateway and ProxySG Management Consoles
CVE-2017-13678

4.8MEDIUM

Key Information:

Vendor

Symantec Corporation

Status
Advanced Secure Gateway (asg)
Proxysg
Vendor
CVE Published:
11 April 2018

What is CVE-2017-13678?

The vulnerability in Symantec Advanced Secure Gateway and ProxySG management consoles allows a malicious appliance administrator to inject arbitrary JavaScript code via the web client application. This can lead to unauthorized access and manipulation of sensitive data within the management interface. Organizations using these products should implement immediate security measures to safeguard against potential exploitation.

Affected Version(s)

Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.14

Advanced Secure Gateway (ASG) 6.7 prior to 6.7.4.107

ProxySG 6.5 prior to 6.5.10.8

References

https://www.symantec.com/security-center/network-protecti...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103685
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040757
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.