Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for ASG by Symantec Corporation

    CVE-2016-10257 (GCVE-0-2016-10257)

    Vulnerability from nvd – Published: 2018-01-10 02:00 – Updated: 2024-09-16 18:39
    VLAI
    Summary
    The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256.
    Severity
    No CVSS data available.
    CWE
    • Reflected XSS
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1040138 vdb-entryx_refsource_SECTRACK
    https://www.symantec.com/security-center/network-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/102447 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Symantec Corporation ASG Affected: 6.6
    Affected: 6.7 prior to 6.7.2.1
    Create a notification for this product.
    Symantec Corporation ProxySG Affected: 6.5 prior to 6.5.10.6
    Affected: 6.6
    Affected: 6.7 prior to 6.7.2.1
    Create a notification for this product.
    Date Public
    2018-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:14:42.820Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040138",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040138"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
              },
              {
                "name": "102447",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102447"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ASG",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6"
                },
                {
                  "status": "affected",
                  "version": "6.7 prior to 6.7.2.1"
                }
              ]
            },
            {
              "product": "ProxySG",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.5 prior to 6.5.10.6"
                },
                {
                  "status": "affected",
                  "version": "6.6"
                },
                {
                  "status": "affected",
                  "version": "6.7 prior to 6.7.2.1"
                }
              ]
            }
          ],
          "datePublic": "2018-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Reflected XSS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-11T10:57:01.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "name": "1040138",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040138"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
            },
            {
              "name": "102447",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102447"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "DATE_PUBLIC": "2018-01-09T00:00:00",
              "ID": "CVE-2016-10257",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ASG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6"
                              },
                              {
                                "version_value": "6.7 prior to 6.7.2.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ProxySG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.5 prior to 6.5.10.6"
                              },
                              {
                                "version_value": "6.6"
                              },
                              {
                                "version_value": "6.7 prior to 6.7.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Reflected XSS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040138",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040138"
                },
                {
                  "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155",
                  "refsource": "CONFIRM",
                  "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
                },
                {
                  "name": "102447",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102447"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2016-10257",
        "datePublished": "2018-01-10T02:00:00.000Z",
        "dateReserved": "2017-03-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:39:51.797Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9100 (GCVE-0-2016-9100)

    Vulnerability from nvd – Published: 2017-05-11 14:01 – Updated: 2024-09-16 20:42
    VLAI
    Summary
    Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information.
    Severity
    No CVSS data available.
    CWE
    • Information disclosure
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1040138 vdb-entryx_refsource_SECTRACK
    https://www.symantec.com/security-center/network-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/102454 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Symantec Corporation ASG Affected: 6.6 prior to 6.6.5.13
    Affected: 6.7 prior to 6.7.3.1
    Create a notification for this product.
    Symantec Corporation ProxySG Affected: 6.5 prior to 6.5.10.6
    Affected: 6.6 prior to 6.6.5.13
    Affected: 6.7 prior to 6.7.3.1
    Create a notification for this product.
    Date Public
    2018-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:10.357Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040138",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040138"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
              },
              {
                "name": "102454",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102454"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ASG",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6 prior to 6.6.5.13"
                },
                {
                  "status": "affected",
                  "version": "6.7 prior to 6.7.3.1"
                }
              ]
            },
            {
              "product": "ProxySG",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.5 prior to 6.5.10.6"
                },
                {
                  "status": "affected",
                  "version": "6.6 prior to 6.6.5.13"
                },
                {
                  "status": "affected",
                  "version": "6.7 prior to 6.7.3.1"
                }
              ]
            }
          ],
          "datePublic": "2018-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-11T10:57:01.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "name": "1040138",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040138"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
            },
            {
              "name": "102454",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102454"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "DATE_PUBLIC": "2018-01-09T00:00:00",
              "ID": "CVE-2016-9100",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ASG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6 prior to 6.6.5.13"
                              },
                              {
                                "version_value": "6.7 prior to 6.7.3.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ProxySG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.5 prior to 6.5.10.6"
                              },
                              {
                                "version_value": "6.6 prior to 6.6.5.13"
                              },
                              {
                                "version_value": "6.7 prior to 6.7.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040138",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040138"
                },
                {
                  "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155",
                  "refsource": "CONFIRM",
                  "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
                },
                {
                  "name": "102454",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102454"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2016-9100",
        "datePublished": "2017-05-11T14:01:00.000Z",
        "dateReserved": "2016-10-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:42:42.195Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9099 (GCVE-0-2016-9099)

    Vulnerability from nvd – Published: 2017-05-11 14:01 – Updated: 2024-09-16 22:40
    VLAI
    Summary
    Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site.
    Severity
    No CVSS data available.
    CWE
    • Open redirection
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/102455 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1040138 vdb-entryx_refsource_SECTRACK
    https://www.symantec.com/security-center/network-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Symantec Corporation ASG Affected: 6.6
    Affected: 6.7 prior to 6.7.2.1
    Create a notification for this product.
    Symantec Corporation ProxySG Affected: 6.5 prior to 6.5.10.6
    Affected: 6.6
    Affected: 6.7 prior to 6.7.2.1
    Create a notification for this product.
    Date Public
    2018-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:10.150Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "102455",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102455"
              },
              {
                "name": "1040138",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040138"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ASG",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6"
                },
                {
                  "status": "affected",
                  "version": "6.7 prior to 6.7.2.1"
                }
              ]
            },
            {
              "product": "ProxySG",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.5 prior to 6.5.10.6"
                },
                {
                  "status": "affected",
                  "version": "6.6"
                },
                {
                  "status": "affected",
                  "version": "6.7 prior to 6.7.2.1"
                }
              ]
            }
          ],
          "datePublic": "2018-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Open redirection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-11T10:57:01.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "name": "102455",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102455"
            },
            {
              "name": "1040138",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040138"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "DATE_PUBLIC": "2018-01-09T00:00:00",
              "ID": "CVE-2016-9099",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ASG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6"
                              },
                              {
                                "version_value": "6.7 prior to 6.7.2.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ProxySG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.5 prior to 6.5.10.6"
                              },
                              {
                                "version_value": "6.6"
                              },
                              {
                                "version_value": "6.7 prior to 6.7.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Open redirection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "102455",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102455"
                },
                {
                  "name": "1040138",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040138"
                },
                {
                  "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155",
                  "refsource": "CONFIRM",
                  "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2016-9099",
        "datePublished": "2017-05-11T14:01:00.000Z",
        "dateReserved": "2016-10-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:40:30.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-10257 (GCVE-0-2016-10257)

    Vulnerability from cvelistv5 – Published: 2018-01-10 02:00 – Updated: 2024-09-16 18:39
    VLAI
    Summary
    The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256.
    Severity
    No CVSS data available.
    CWE
    • Reflected XSS
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1040138 vdb-entryx_refsource_SECTRACK
    https://www.symantec.com/security-center/network-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/102447 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Symantec Corporation ASG Affected: 6.6
    Affected: 6.7 prior to 6.7.2.1
    Create a notification for this product.
    Symantec Corporation ProxySG Affected: 6.5 prior to 6.5.10.6
    Affected: 6.6
    Affected: 6.7 prior to 6.7.2.1
    Create a notification for this product.
    Date Public
    2018-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:14:42.820Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040138",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040138"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
              },
              {
                "name": "102447",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102447"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ASG",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6"
                },
                {
                  "status": "affected",
                  "version": "6.7 prior to 6.7.2.1"
                }
              ]
            },
            {
              "product": "ProxySG",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.5 prior to 6.5.10.6"
                },
                {
                  "status": "affected",
                  "version": "6.6"
                },
                {
                  "status": "affected",
                  "version": "6.7 prior to 6.7.2.1"
                }
              ]
            }
          ],
          "datePublic": "2018-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Reflected XSS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-11T10:57:01.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "name": "1040138",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040138"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
            },
            {
              "name": "102447",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102447"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "DATE_PUBLIC": "2018-01-09T00:00:00",
              "ID": "CVE-2016-10257",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ASG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6"
                              },
                              {
                                "version_value": "6.7 prior to 6.7.2.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ProxySG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.5 prior to 6.5.10.6"
                              },
                              {
                                "version_value": "6.6"
                              },
                              {
                                "version_value": "6.7 prior to 6.7.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Reflected XSS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040138",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040138"
                },
                {
                  "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155",
                  "refsource": "CONFIRM",
                  "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
                },
                {
                  "name": "102447",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102447"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2016-10257",
        "datePublished": "2018-01-10T02:00:00.000Z",
        "dateReserved": "2017-03-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:39:51.797Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9100 (GCVE-0-2016-9100)

    Vulnerability from cvelistv5 – Published: 2017-05-11 14:01 – Updated: 2024-09-16 20:42
    VLAI
    Summary
    Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information.
    Severity
    No CVSS data available.
    CWE
    • Information disclosure
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1040138 vdb-entryx_refsource_SECTRACK
    https://www.symantec.com/security-center/network-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/102454 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Symantec Corporation ASG Affected: 6.6 prior to 6.6.5.13
    Affected: 6.7 prior to 6.7.3.1
    Create a notification for this product.
    Symantec Corporation ProxySG Affected: 6.5 prior to 6.5.10.6
    Affected: 6.6 prior to 6.6.5.13
    Affected: 6.7 prior to 6.7.3.1
    Create a notification for this product.
    Date Public
    2018-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:10.357Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040138",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040138"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
              },
              {
                "name": "102454",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102454"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ASG",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6 prior to 6.6.5.13"
                },
                {
                  "status": "affected",
                  "version": "6.7 prior to 6.7.3.1"
                }
              ]
            },
            {
              "product": "ProxySG",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.5 prior to 6.5.10.6"
                },
                {
                  "status": "affected",
                  "version": "6.6 prior to 6.6.5.13"
                },
                {
                  "status": "affected",
                  "version": "6.7 prior to 6.7.3.1"
                }
              ]
            }
          ],
          "datePublic": "2018-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-11T10:57:01.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "name": "1040138",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040138"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
            },
            {
              "name": "102454",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102454"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "DATE_PUBLIC": "2018-01-09T00:00:00",
              "ID": "CVE-2016-9100",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ASG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6 prior to 6.6.5.13"
                              },
                              {
                                "version_value": "6.7 prior to 6.7.3.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ProxySG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.5 prior to 6.5.10.6"
                              },
                              {
                                "version_value": "6.6 prior to 6.6.5.13"
                              },
                              {
                                "version_value": "6.7 prior to 6.7.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040138",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040138"
                },
                {
                  "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155",
                  "refsource": "CONFIRM",
                  "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
                },
                {
                  "name": "102454",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102454"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2016-9100",
        "datePublished": "2017-05-11T14:01:00.000Z",
        "dateReserved": "2016-10-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:42:42.195Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9099 (GCVE-0-2016-9099)

    Vulnerability from cvelistv5 – Published: 2017-05-11 14:01 – Updated: 2024-09-16 22:40
    VLAI
    Summary
    Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site.
    Severity
    No CVSS data available.
    CWE
    • Open redirection
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/102455 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1040138 vdb-entryx_refsource_SECTRACK
    https://www.symantec.com/security-center/network-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Symantec Corporation ASG Affected: 6.6
    Affected: 6.7 prior to 6.7.2.1
    Create a notification for this product.
    Symantec Corporation ProxySG Affected: 6.5 prior to 6.5.10.6
    Affected: 6.6
    Affected: 6.7 prior to 6.7.2.1
    Create a notification for this product.
    Date Public
    2018-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:10.150Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "102455",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102455"
              },
              {
                "name": "1040138",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040138"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ASG",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6"
                },
                {
                  "status": "affected",
                  "version": "6.7 prior to 6.7.2.1"
                }
              ]
            },
            {
              "product": "ProxySG",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.5 prior to 6.5.10.6"
                },
                {
                  "status": "affected",
                  "version": "6.6"
                },
                {
                  "status": "affected",
                  "version": "6.7 prior to 6.7.2.1"
                }
              ]
            }
          ],
          "datePublic": "2018-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Open redirection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-11T10:57:01.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "name": "102455",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102455"
            },
            {
              "name": "1040138",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040138"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "DATE_PUBLIC": "2018-01-09T00:00:00",
              "ID": "CVE-2016-9099",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ASG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6"
                              },
                              {
                                "version_value": "6.7 prior to 6.7.2.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ProxySG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.5 prior to 6.5.10.6"
                              },
                              {
                                "version_value": "6.6"
                              },
                              {
                                "version_value": "6.7 prior to 6.7.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Open redirection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "102455",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102455"
                },
                {
                  "name": "1040138",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040138"
                },
                {
                  "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155",
                  "refsource": "CONFIRM",
                  "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2016-9099",
        "datePublished": "2017-05-11T14:01:00.000Z",
        "dateReserved": "2016-10-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:40:30.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }