SQL Injection in Symantec Web_gateway

CVE-2014-1650

SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Vulnerability class: SQL Injection

EPSS: 0.007 (72.8th percentile) — read the EPSS interpretation.

Affected products

Symantec Web_gateway
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

1030443 (vdb-entry, x_refsource_SECTRACK)
secure@symantec.com (x_refsource_CONFIRM, Vendor Advisory)
67753 (vdb-entry, x_refsource_BID)
secure@symantec.com (x_refsource_CONFIRM)