Symantec Web Gateway < 5.2 Multiple Vulnerabilities (SYM14-003)

2015-05-1300:00:00

Tenable

www.tenable.com

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS

0.71

Percentile

98.1%

JSON

The remote host is running Symantec Web Gateway, a web content filtering appliance that has it’s own web server. Versions of Symantec Web Gateway prior to 5.2 are affected by the following vulnerabilities :

Multiple cross-site scripting vulnerabilities exist.(CVE-2013-5013)
Multiple SQL injection vulnerabilities exist because of a failure to sanitize user-supplied input before using it in a SQL query. (CVE-2013-5012)