SQL Injection in Symantec Web_gateway

CVE-2014-1651

SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Vulnerability class: SQL Injection

EPSS: 0.012 (79.3th percentile) — read the EPSS interpretation.

Affected products

Symantec Web_gateway — versions 5.1
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

1030443 (vdb-entry, x_refsource_SECTRACK)
secure@symantec.com (x_refsource_CONFIRM, Vendor Advisory)
secure@symantec.com (x_refsource_CONFIRM)
67754 (vdb-entry, x_refsource_BID)
VU#719172 (x_refsource_CERT-VN, third-party-advisory)