CVE-2014-1650

Опубликовано: 18 июн. 2014

Источник: nvd

CVSS2: 5.2

EPSS Низкий

Описание

SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Ссылки

http://www.securityfocus.com/bid/67753
http://www.securitytracker.com/id/1030443
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00
Vendor Advisory
http://www.securityfocus.com/bid/67753
http://www.securitytracker.com/id/1030443
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:symantec:web_gateway:*:*:*:*:*:*:*:*

Версия до 5.2 (включая)

EPSS

Процентиль: 72%

0.00715

Низкий

5.2 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-w927-5gjh-g33r

github

больше 3 лет назад