Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveSymantecCVE-2014-7285
HistoryDec 17, 2014 - 4:59 p.m.

CVE-2014-7285

2014-12-1716:59:00
CWE-77
symantec
web.nvd.nist.gov
32
symantec
web gateway
cve-2014-7285
os commands
php scripts
nvd

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

8.8

Confidence

High

EPSS

0.479

Percentile

97.5%

JSON

The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

Affected configurations

Nvd
Node
symantecweb_gatewayRange5.2.1
VendorProductVersionCPE
symantecweb_gateway*cpe:2.3:a:symantec:web_gateway:*:*:*:*:*:*:*:*

Related

metasploit 1
packetstorm 2
nessus 1
cvelist 1
zdt 2
securityvulns 2
prion 1
nvd 1
openvas 2
symantec 1
exploitdb 1
checkpoint_advisories 1
metasploit
metasploit
Symantec Web Gateway 5 restore.php Post Authentication Command Injection
2015-02-27 18:31:29
packetstorm
packetstorm
Symantec Web Gateway 5.2.1 OS Command Injection
2014-12-31 00:00:00
Symantec Web Gateway 5 restore.php Command Injection
2015-03-03 00:00:00
nessus
nessus
Symantec Web Gateway < 5.2.2 Authenticated OS Command Injection (SYM14-016)
2014-12-19 00:00:00
cvelist
cvelist
CVE-2014-7285
2014-12-17 16:00:00
zdt
zdt
Symantec Web Gateway 5.2.1 OS Command Injection Vilnerability
2015-01-01 00:00:00
Symantec Web Gateway 5 restore.php Command Injection Exploit
2015-03-03 00:00:00
securityvulns
securityvulns
[KIS-2014-19] Symantec Web Gateway &lt;= 5.2.1 &#40;restore.php&#41; OS Command Injection Vulnerability
2015-01-02 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2015-01-02 00:00:00
prion
prion
Design/Logic Flaw
2014-12-17 16:59:00
nvd
nvd
CVE-2014-7285
2014-12-17 16:59:00
openvas
openvas
Symantec Web Gateway Unspecified Remote Command Execution Vulnerability (Dec 2014)
2014-12-23 00:00:00
Symantec Web Gateway < 5.2.2 Command Injection Vulnerability
2014-12-18 00:00:00
symantec
symantec
Symantec Web Gateway OS Authenticated Command Injection
2014-12-16 08:00:00
exploitdb
exploitdb
Symantec Web Gateway 5 - &#039;restore.php&#039; (Authenticated) Command Injection (Metasploit)
2015-03-04 00:00:00
checkpoint_advisories
checkpoint_advisories
Symantec Web Gateway OS Command Injection (CVE-2014-7285; CVE-2016-5313)
2015-03-25 00:00:00

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

8.8

Confidence

High

EPSS

0.479

Percentile

97.5%

JSON
Related for CVE-2014-7285
metasploit1packetstorm2nessus1cvelist1zdt2securityvulns2prion1nvd1openvas2symantec1exploitdb1checkpoint_advisories1