Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Symantec Advanced Secure Gateway (ASG) and ProxySG by Symantec Corporation

    CVE-2016-9097 (GCVE-0-2016-9097)

    Vulnerability from nvd – Published: 2017-05-11 14:01 – Updated: 2024-09-16 17:33
    VLAI
    Summary
    The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges.
    Severity
    No CVSS data available.
    CWE
    • Improper user authorization
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/101530 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1039701 vdb-entryx_refsource_SECTRACK
    https://www.symantec.com/security-center/network-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Symantec Corporation Symantec Advanced Secure Gateway (ASG) and ProxySG Affected: ASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, ProxySG 6.7 prior to 6.7.1.2
    Create a notification for this product.
    Date Public
    2017-10-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:10.388Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101530",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101530"
              },
              {
                "name": "1039701",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039701"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Advanced Secure Gateway (ASG) and ProxySG",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "ASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, ProxySG 6.7 prior to 6.7.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-10-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper user authorization",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-01T09:57:01.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "name": "101530",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101530"
            },
            {
              "name": "1039701",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039701"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "DATE_PUBLIC": "2017-10-30T00:00:00",
              "ID": "CVE-2016-9097",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Advanced Secure Gateway (ASG) and ProxySG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "ASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, ProxySG 6.7 prior to 6.7.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper user authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "101530",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101530"
                },
                {
                  "name": "1039701",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039701"
                },
                {
                  "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146",
                  "refsource": "CONFIRM",
                  "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2016-9097",
        "datePublished": "2017-05-11T14:01:00.000Z",
        "dateReserved": "2016-10-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:33:11.446Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9097 (GCVE-0-2016-9097)

    Vulnerability from cvelistv5 – Published: 2017-05-11 14:01 – Updated: 2024-09-16 17:33
    VLAI
    Summary
    The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges.
    Severity
    No CVSS data available.
    CWE
    • Improper user authorization
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/101530 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1039701 vdb-entryx_refsource_SECTRACK
    https://www.symantec.com/security-center/network-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Symantec Corporation Symantec Advanced Secure Gateway (ASG) and ProxySG Affected: ASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, ProxySG 6.7 prior to 6.7.1.2
    Create a notification for this product.
    Date Public
    2017-10-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:42:10.388Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101530",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101530"
              },
              {
                "name": "1039701",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039701"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Advanced Secure Gateway (ASG) and ProxySG",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "ASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, ProxySG 6.7 prior to 6.7.1.2"
                }
              ]
            }
          ],
          "datePublic": "2017-10-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper user authorization",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-01T09:57:01.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "name": "101530",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101530"
            },
            {
              "name": "1039701",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039701"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "DATE_PUBLIC": "2017-10-30T00:00:00",
              "ID": "CVE-2016-9097",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Advanced Secure Gateway (ASG) and ProxySG",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "ASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, ProxySG 6.7 prior to 6.7.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper user authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "101530",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101530"
                },
                {
                  "name": "1039701",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039701"
                },
                {
                  "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146",
                  "refsource": "CONFIRM",
                  "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2016-9097",
        "datePublished": "2017-05-11T14:01:00.000Z",
        "dateReserved": "2016-10-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:33:11.446Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }