SQL Injection in Symantec Web_gateway

CVE-2013-5012

Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Vulnerability class: SQL Injection

EPSS: 0.004 (63.2th percentile) — read the EPSS interpretation.

Affected products

Symantec Web_gateway
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

65404 (vdb-entry, x_refsource_BID)
secure@symantec.com (x_refsource_CONFIRM, Vendor Advisory)