SQL Injection in Symantec Web_gateway
CVE-2013-1617
Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.
Vulnerability class: SQL Injection
EPSS: 0.014 (80.6th percentile) — read the EPSS interpretation.
Affected products
- Symantec Web_gateway — versions 5.0, 5.0.1, 5.0.2
- Symantec Web_gateway_appliance_8450
- Symantec Web_gateway_appliance_8490
- N/a — versions n/a
Weakness classification (CWE)
References
- secure@symantec.com (x_refsource_CONFIRM, Vendor Advisory)
- secure@symantec.com (x_refsource_MISC)
- 61101 (vdb-entry, x_refsource_BID)
- secure@symantec.com (x_refsource_MISC)