Описание
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:symantec:web_gateway:5.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:web_gateway:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:symantec:web_gateway:5.0.2:*:*:*:*:*:*:*
EPSS
Процентиль: 100%
0.89461
Высокий
10 Critical
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
почти 4 года назад
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
EPSS
Процентиль: 100%
0.89461
Высокий
10 Critical
CVSS2
Дефекты
CWE-264