
    14 vulnerabilities found for proxysg by symantec

    VAR-201705-3126

    Vulnerability from variot - Updated: 2025-04-20 23:38

    The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges. Broadcom Advanced Secure Gateway and Symantec ProxySG contain vulnerabilities related to authorization, privileges, and access control. Information may be obtained or tampered with, and service operation may be interrupted (a denial-of-service (DoS) condition). ProxySG and ASG are prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information or elevate privileges. This may aid in further attacks. The following products are affected: Blue Coat Systems ASG 6.6 prior to 6.6.5.8 is vulnerable. Blue Coat Systems ProxySG 6.5 prior to 6.5.10.6, 6.6 prior to 6.6.5.8, and 6.7 prior to 6.7.1.2 are vulnerable. Symantec ProxySG and Advanced Secure Gateway (ASG) are security gateway devices of Symantec Corporation of the United States. Security vulnerabilities exist in Symantec ProxySG and ASG.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3126",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5.9.10"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5.2"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5.2.10"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5.4.1"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6.3"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6.4"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6.2"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5.1"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6.5"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6.3.2"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5.5.7"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5.9.14"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6.4.3"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.1.1"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5.9.8"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6.4"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6.5.1"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6.3"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6.2.2"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6.4.1"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6.2.1"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5.7.6"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6.4.3"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5.6.1"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5.9.2"
          },
          {
            "model": "advanced secure gateway",
            "scope": null,
            "trust": 0.8,
            "vendor": "broadcom",
            "version": null
          },
          {
            "model": "symantec proxysg",
            "scope": null,
            "trust": 0.8,
            "vendor": "broadcom",
            "version": null
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "symantec",
            "version": "6.6.5"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "symantec",
            "version": "6.6.4.1"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "symantec",
            "version": "6.7"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "symantec",
            "version": "6.7.1.1"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "symantec",
            "version": "6.6.2.2"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "symantec",
            "version": "6.6.3.2"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "symantec",
            "version": "6.6.3"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "symantec",
            "version": "6.6.4.3"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "symantec",
            "version": "6.6.4"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "symantec",
            "version": "6.6.2.1"
          },
          {
            "model": "coat systems proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blue",
            "version": "6.5.4"
          },
          {
            "model": "coat systems proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blue",
            "version": "6.5.36"
          },
          {
            "model": "coat systems proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blue",
            "version": "6.5.35"
          },
          {
            "model": "coat systems proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blue",
            "version": "6.7"
          },
          {
            "model": "coat systems proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blue",
            "version": "6.6"
          },
          {
            "model": "coat systems proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blue",
            "version": "6.5.8.8"
          },
          {
            "model": "coat systems proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blue",
            "version": "6.5.7.3"
          },
          {
            "model": "coat systems proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blue",
            "version": "6.5.5.7"
          },
          {
            "model": "coat systems proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blue",
            "version": "6.5.5.4"
          },
          {
            "model": "coat systems proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blue",
            "version": "6.5.1.1"
          },
          {
            "model": "coat systems proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blue",
            "version": "6.5"
          },
          {
            "model": "coat systems advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blue",
            "version": "6.6"
          },
          {
            "model": "coat systems proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "blue",
            "version": "6.7.1.2"
          },
          {
            "model": "coat systems proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "blue",
            "version": "6.6.5.8"
          },
          {
            "model": "coat systems proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "blue",
            "version": "6.5.10.6"
          },
          {
            "model": "coat systems advanced secure gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "blue",
            "version": "6.6.5.8"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "101530"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009738"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-1277"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9097"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jakub Palaczynski and Pawel Bartunek.",
        "sources": [
          {
            "db": "BID",
            "id": "101530"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-1277"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-9097",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2016-9097",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-97917",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2016-9097",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-9097",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-9097",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201710-1277",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97917",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97917"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009738"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-1277"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9097"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges. Broadcom of advanced secure gateway and symantec proxysg contains vulnerabilities related to authorization, privileges, and access control.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ProxySG and ASG are prone to an authorization-bypass vulnerability. \nAttackers can exploit this issue to gain unauthorized access and obtain  sensitive information or elevate privileges. This may aid in further  attacks. \nThe following products are affected:\nBlue Coat Systems ASG 6.6 prior to 6.6.5.8 is vulnerable. \nBlue Coat Systems ProxySG 6.5 prior to 6.5.10.6, 6.6 prior to 6.6.5.8, and 6.7 prior to 6.7.1.2 are vulnerable. Symantec ProxySG and Advanced Secure Gateway (ASG) are security gateway devices of Symantec Corporation of the United States. Security vulnerabilities exist in Symantec ProxySG and ASG",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-9097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009738"
          },
          {
            "db": "BID",
            "id": "101530"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97917"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-9097",
            "trust": 3.6
          },
          {
            "db": "BID",
            "id": "101530",
            "trust": 2.8
          },
          {
            "db": "SECTRACK",
            "id": "1039701",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009738",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-1277",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-97917",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97917"
          },
          {
            "db": "BID",
            "id": "101530"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009738"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-1277"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9097"
          }
        ]
      },
      "id": "VAR-201705-3126",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97917"
          }
        ],
        "trust": 0.5723444599999999
      },
      "last_update_date": "2025-04-20T23:38:31.425000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Symantec ProxySG  and Advanced Secure Gateway Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155178"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-1277"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.1
          },
          {
            "problemtype": "Authorization / authority / access control (CWE-264) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97917"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009738"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9097"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa146"
          },
          {
            "trust": 2.5,
            "url": "http://www.securityfocus.com/bid/101530"
          },
          {
            "trust": 2.5,
            "url": "http://www.securitytracker.com/id/1039701"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9097"
          },
          {
            "trust": 0.3,
            "url": "http://www.bluecoat.com/products/sg"
          },
          {
            "trust": 0.3,
            "url": "https://www.bluecoat.com/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97917"
          },
          {
            "db": "BID",
            "id": "101530"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009738"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-1277"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9097"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-97917"
          },
          {
            "db": "BID",
            "id": "101530"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009738"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-1277"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9097"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97917"
          },
          {
            "date": "2017-10-26T00:00:00",
            "db": "BID",
            "id": "101530"
          },
          {
            "date": "2024-07-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-009738"
          },
          {
            "date": "2017-10-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-1277"
          },
          {
            "date": "2017-05-11T14:30:16.360000",
            "db": "NVD",
            "id": "CVE-2016-9097"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97917"
          },
          {
            "date": "2017-12-19T20:00:00",
            "db": "BID",
            "id": "101530"
          },
          {
            "date": "2024-07-18T07:31:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-009738"
          },
          {
            "date": "2021-06-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-1277"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-9097"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-1277"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Broadcom\u00a0 of \u00a0advanced\u00a0secure\u00a0gateway\u00a0 and \u00a0symantec\u00a0proxysg\u00a0 Vulnerabilities related to authorization, privileges, and access control in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009738"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-1277"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201705-3129

    Vulnerability from variot - Updated: 2025-04-20 23:16

    Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information. A denial-of-service (DoS) condition may also result. Both Symantec ProxySG and Advanced Secure Gateway (ASG) are security gateway devices from Symantec Corporation of the United States. A remote attacker can exploit this vulnerability to obtain sensitive information.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3129",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5"
          },
          {
            "model": "advanced secure gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.3.1"
          },
          {
            "model": "advanced secure gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7"
          },
          {
            "model": "advanced secure gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6.5.13"
          },
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5.10.6"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6"
          },
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.3.1"
          },
          {
            "model": "advanced secure gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6"
          },
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6.5.13"
          },
          {
            "model": "advanced secure gateway",
            "scope": null,
            "trust": 0.8,
            "vendor": "broadcom",
            "version": null
          },
          {
            "model": "symantec proxysg",
            "scope": null,
            "trust": 0.8,
            "vendor": "broadcom",
            "version": null
          },
          {
            "model": "advanced secure gateway",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "symantec",
            "version": "6.6\u003c=6.6.5.13"
          },
          {
            "model": "advanced secure gateway",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "symantec",
            "version": "6.7\u003c=6.7.3.1"
          },
          {
            "model": "proxysg",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "symantec",
            "version": "6.6\u003c=6.6.5.13"
          },
          {
            "model": "proxysg",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "symantec",
            "version": "6.7\u003c=6.7.3.1"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.7"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.6"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.5"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.7"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.6"
          },
          {
            "model": "proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.3.1"
          },
          {
            "model": "proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.6.5.13"
          },
          {
            "model": "proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.5.10.6"
          },
          {
            "model": "advanced secure gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.3.1"
          },
          {
            "model": "advanced secure gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.6.5.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01387"
          },
          {
            "db": "BID",
            "id": "102454"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009736"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9100"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jakub Palaczynski and Pawel Bartunek.",
        "sources": [
          {
            "db": "BID",
            "id": "102454"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-444"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-9100",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-9100",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2018-01387",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-97920",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2016-9100",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-9100",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-9100",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-01387",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201801-444",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97920",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01387"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97920"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009736"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-444"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9100"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information. (DoS) It may be in a state. Both Symantec ProxySG and AdvancedSecureGateway (ASG) are security gateway devices from Symantec Corporation of the United States. A remote attacker can exploit this vulnerability to obtain sensitive information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-9100"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009736"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-01387"
          },
          {
            "db": "BID",
            "id": "102454"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97920"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-9100",
            "trust": 4.2
          },
          {
            "db": "BID",
            "id": "102454",
            "trust": 3.4
          },
          {
            "db": "SECTRACK",
            "id": "1040138",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009736",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-444",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-01387",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-97920",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01387"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97920"
          },
          {
            "db": "BID",
            "id": "102454"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009736"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-444"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9100"
          }
        ]
      },
      "id": "VAR-201705-3129",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01387"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97920"
          }
        ],
        "trust": 1.2780618366666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01387"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:16:09.923000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for SymantecProxySG and AdvancedSecureGateway Information Disclosure Vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/113947"
          },
          {
            "title": "Symantec ProxySG  and Advanced Secure Gateway Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77693"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01387"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-444"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.1
          },
          {
            "problemtype": "Certificate/password management (CWE-255) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97920"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009736"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9100"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa155"
          },
          {
            "trust": 3.1,
            "url": "http://www.securityfocus.com/bid/102454"
          },
          {
            "trust": 2.5,
            "url": "http://www.securitytracker.com/id/1040138"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9100"
          },
          {
            "trust": 0.3,
            "url": "https://www.symantec.com/products/secure-web-gateway-proxy-sg-and-asg"
          },
          {
            "trust": 0.3,
            "url": "http://www.symantec.com"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01387"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97920"
          },
          {
            "db": "BID",
            "id": "102454"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009736"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-444"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9100"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01387"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97920"
          },
          {
            "db": "BID",
            "id": "102454"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009736"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-444"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9100"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-01-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-01387"
          },
          {
            "date": "2017-05-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97920"
          },
          {
            "date": "2018-01-09T00:00:00",
            "db": "BID",
            "id": "102454"
          },
          {
            "date": "2024-07-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-009736"
          },
          {
            "date": "2018-01-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201801-444"
          },
          {
            "date": "2017-05-11T14:30:16.437000",
            "db": "NVD",
            "id": "CVE-2016-9100"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-01-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-01387"
          },
          {
            "date": "2021-07-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97920"
          },
          {
            "date": "2018-01-09T00:00:00",
            "db": "BID",
            "id": "102454"
          },
          {
            "date": "2024-07-18T07:31:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-009736"
          },
          {
            "date": "2021-06-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201801-444"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-9100"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-444"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Symantec ProxySG and Advanced Secure Gateway Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01387"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-444"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-444"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201705-3128

    Vulnerability from variot - Updated: 2025-04-20 23:16

    Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site. Multiple Broadcom products contain an open redirect vulnerability. Information may be obtained and information may be tampered with. Both Symantec ProxySG and Advanced Secure Gateway (ASG) are security gateway devices from Symantec Corporation of the United States. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3128",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "symantec",
            "version": "6.6"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "symantec",
            "version": "6.6"
          },
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5.10.6"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7"
          },
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.2.1"
          },
          {
            "model": "advanced secure gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5"
          },
          {
            "model": "advanced secure gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.2.1"
          },
          {
            "model": "advanced secure gateway",
            "scope": null,
            "trust": 0.8,
            "vendor": "broadcom",
            "version": null
          },
          {
            "model": "symantec proxysg",
            "scope": null,
            "trust": 0.8,
            "vendor": "broadcom",
            "version": null
          },
          {
            "model": "proxysg",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "symantec",
            "version": "6.5\u003c=6.5.10.6"
          },
          {
            "model": "proxysg",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "symantec",
            "version": "6.7\u003c=6.7.2.1"
          },
          {
            "model": "advanced secure gateway",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "symantec",
            "version": "6.7\u003c=6.7.2.1"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.7"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.6"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.5"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.7"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.6"
          },
          {
            "model": "proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.2.1"
          },
          {
            "model": "proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.5.10.6"
          },
          {
            "model": "advanced secure gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.2.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01377"
          },
          {
            "db": "BID",
            "id": "102455"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009737"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-443"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9099"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jakub Palaczynski and Pawel Bartunek.",
        "sources": [
          {
            "db": "BID",
            "id": "102455"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-443"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-9099",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2016-9099",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2018-01377",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-97919",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2016-9099",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-9099",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-9099",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-01377",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201801-443",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97919",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01377"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97919"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009737"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-443"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9099"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site. multiple Broadcom The product contains an open redirect vulnerability.Information may be obtained and information may be tampered with. Both Symantec ProxySG and AdvancedSecureGateway (ASG) are security gateway devices from Symantec Corporation of the United States. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may  aid in phishing attacks. Other attacks are possible",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-9099"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009737"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-01377"
          },
          {
            "db": "BID",
            "id": "102455"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97919"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-9099",
            "trust": 4.2
          },
          {
            "db": "BID",
            "id": "102455",
            "trust": 3.4
          },
          {
            "db": "SECTRACK",
            "id": "1040138",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009737",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-443",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-01377",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-97919",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01377"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97919"
          },
          {
            "db": "BID",
            "id": "102455"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009737"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-443"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9099"
          }
        ]
      },
      "id": "VAR-201705-3128",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01377"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97919"
          }
        ],
        "trust": 1.2780618366666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01377"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:16:09.886000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for SymantecProxySG and AdvancedSecureGateway Open Redirection Vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/113935"
          },
          {
            "title": "Symantec ProxySG  and Advanced Secure Gateway Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77692"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01377"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-443"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-601",
            "trust": 1.1
          },
          {
            "problemtype": "Open redirect (CWE-601) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97919"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009737"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9099"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa155"
          },
          {
            "trust": 3.1,
            "url": "http://www.securityfocus.com/bid/102455"
          },
          {
            "trust": 2.5,
            "url": "http://www.securitytracker.com/id/1040138"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9099"
          },
          {
            "trust": 0.3,
            "url": "https://www.symantec.com/products/secure-web-gateway-proxy-sg-and-asg"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01377"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97919"
          },
          {
            "db": "BID",
            "id": "102455"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009737"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-443"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9099"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01377"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97919"
          },
          {
            "db": "BID",
            "id": "102455"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009737"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-443"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9099"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-01-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-01377"
          },
          {
            "date": "2017-05-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97919"
          },
          {
            "date": "2018-01-09T00:00:00",
            "db": "BID",
            "id": "102455"
          },
          {
            "date": "2024-07-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-009737"
          },
          {
            "date": "2018-01-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201801-443"
          },
          {
            "date": "2017-05-11T14:30:16.407000",
            "db": "NVD",
            "id": "CVE-2016-9099"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-01-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-01377"
          },
          {
            "date": "2021-07-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97919"
          },
          {
            "date": "2018-01-09T00:00:00",
            "db": "BID",
            "id": "102455"
          },
          {
            "date": "2024-07-18T07:31:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-009737"
          },
          {
            "date": "2021-06-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201801-443"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-9099"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-443"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Broadcom\u00a0 Product Open Redirect Vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009737"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input Validation Error",
        "sources": [
          {
            "db": "BID",
            "id": "102455"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201801-443"
          }
        ],
        "trust": 0.9
      }
    }

    VAR-201512-0551

    Vulnerability from variot - Updated: 2025-04-13 23:41

    The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive information via a 407 (aka Proxy Authentication Required) HTTP status code, as demonstrated when using NTLM authentication. Blue Coat ProxySG is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Blue Coat Systems ProxySG is a secure web gateway appliance from the US company Blue Coat Systems. The appliance provides user authentication, web filtering, data loss protection, and more to control all web traffic. Remote attackers can use the 407 HTTP status code to exploit this vulnerability to obtain sensitive information. The following versions are affected: Blue Coat Systems ProxySG prior to 6.2.16.5, 6.5 prior to 6.5.7.1, and 6.6 prior to 6.6.2.1


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0551",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "proxysg",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "6.2.16.4"
          },
          {
            "model": "proxysg",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "6.5.7.0"
          },
          {
            "model": "proxysg",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "6.6.2.0"
          },
          {
            "model": "proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "6.2"
          },
          {
            "model": "proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "6.5"
          },
          {
            "model": "proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "6.6"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "blue coat",
            "version": "6.5.7.1"
          },
          {
            "model": "proxysg",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "blue coat",
            "version": "6.6"
          },
          {
            "model": "proxysg",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "blue coat",
            "version": "6.5"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "blue coat",
            "version": "6.6.2.1"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "bluecoat",
            "version": "6.5.7.0"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "bluecoat",
            "version": "6.6.2.0"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "bluecoat",
            "version": "6.2.16.4"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-084"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-4334"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:bluecoat:proxysgos",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006134"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "onas Vestberg at Sentor Managed Security Services AB.",
        "sources": [
          {
            "db": "BID",
            "id": "85385"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-4334",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-4334",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-82295",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-4334",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-4334",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201512-084",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-82295",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-82295"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-084"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-4334"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive information via a 407 (aka Proxy Authentication Required) HTTP status code, as demonstrated when using NTLM authentication. Bluecoat ProxySG is prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Blue Coat Systems ProxySG is a set of security Web gateway equipment of American Blue Coat Systems company. The appliance provides user authentication, web filtering, data loss protection, and more to control all web traffic. Remote attackers can use the 407 HTTP status code to exploit this vulnerability to obtain sensitive information. The following versions are affected: Blue Coat Systems ProxySG prior to 6.2.16.5, 6.5 prior to 6.5.7.1, and 6.6 prior to 6.6.2.1",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-4334"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006134"
          },
          {
            "db": "BID",
            "id": "85385"
          },
          {
            "db": "VULHUB",
            "id": "VHN-82295"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-4334",
            "trust": 2.8
          },
          {
            "db": "SECTRACK",
            "id": "1032149",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006134",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-084",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "85385",
            "trust": 0.4
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-90029",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-82295",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-82295"
          },
          {
            "db": "BID",
            "id": "85385"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-084"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-4334"
          }
        ]
      },
      "id": "VAR-201512-0551",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-82295"
          }
        ],
        "trust": 0.5885714400000001
      },
      "last_update_date": "2025-04-13T23:41:18.867000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SA93",
            "trust": 0.8,
            "url": "https://bto.bluecoat.com/security-advisory/sa93"
          },
          {
            "title": "Blue Coat Systems ProxySG SGOS Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58945"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-084"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-82295"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006134"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-4334"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://bto.bluecoat.com/security-advisory/sa93"
          },
          {
            "trust": 1.7,
            "url": "https://twitter.com/bugch3ck/status/591492380294979585"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1032149"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4334"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4334"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-82295"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-084"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-4334"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-82295"
          },
          {
            "db": "BID",
            "id": "85385"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-084"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-4334"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-12-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-82295"
          },
          {
            "date": "2015-04-14T00:00:00",
            "db": "BID",
            "id": "85385"
          },
          {
            "date": "2015-12-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006134"
          },
          {
            "date": "2015-12-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201512-084"
          },
          {
            "date": "2015-12-07T20:59:05.900000",
            "db": "NVD",
            "id": "CVE-2015-4334"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-82295"
          },
          {
            "date": "2015-04-14T00:00:00",
            "db": "BID",
            "id": "85385"
          },
          {
            "date": "2015-12-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006134"
          },
          {
            "date": "2019-02-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201512-084"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-4334"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-084"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Vulnerability in SGOS on Blue Coat ProxySG that allows sensitive information to be obtained in the default configuration",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006134"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-084"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200711-0397

    Vulnerability from variot - Updated: 2025-04-10 23:13

    Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists. Blue Coat ProxySG Management Console is prone to two cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Versions prior to ProxySG 4.2.6.1 and 5.2.2.5 are vulnerable. NOTE: This BID originally covered one issue, but was updated to also cover a second issue.




    TITLE: Blue Coat ProxySG SGOS Cross-Site Scripting Vulnerability

    SECUNIA ADVISORY ID: SA27452

    VERIFY ADVISORY: http://secunia.com/advisories/27452/

    CRITICAL: Less critical

    IMPACT: Cross Site Scripting

    WHERE:

    From remote

    OPERATING SYSTEM: Blue Coat Security Gateway OS (SGOS) 4.x http://secunia.com/product/5419/ Blue Coat Security Gateway OS (SGOS) 5.x http://secunia.com/product/12422/

    DESCRIPTION: A vulnerability has been reported in the Blue Coat ProxySG SGOS, which can be exploited by malicious people to conduct cross-site scripting attacks.

    Input passed to unspecified parameters when loading "Certificate Revocation Lists" via the management console is not properly sanitised before being returned to the user.

    SOLUTION: Update to version 4.2.6.1 or 5.2.2.5.

    PROVIDED AND/OR DISCOVERED BY: The vendor credits Adrian Pastor of ProCheckUp.

    ORIGINAL ADVISORY: http://www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability


    About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.





    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200711-0397",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "5.0.0"
          },
          {
            "model": "proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "4.2.6.1"
          },
          {
            "model": "proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "5.2.2.5"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "blue coat",
            "version": "5.2.2.5"
          },
          {
            "model": "proxysg",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "blue coat",
            "version": "5.x"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "bluecoat",
            "version": "5.2.2.4"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "bluecoat",
            "version": "4.2.6"
          },
          {
            "model": "coat systems sgos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blue",
            "version": "4.1.2"
          },
          {
            "model": "coat systems proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "blue",
            "version": "0"
          },
          {
            "model": "coat systems sgos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "blue",
            "version": "5.2.2.5"
          },
          {
            "model": "coat systems sgos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "blue",
            "version": "4.2.6.1"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "26286"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-002864"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200711-035"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-5796"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:bluecoat:proxysg",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-002864"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor credits Adrian Pastor with the discovery of this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "26286"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200711-035"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2007-5796",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2007-5796",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2007-5796",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2007-5796",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200711-035",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-002864"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200711-035"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-5796"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists. Blue Coat ProxySG Management Console is prone to two cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. \nVersions prior to ProxySG 4.2.6.1 and 5.2.2.5 are vulnerable. \nNOTE: This BID originally covered one issue, but was updated to also cover a second issue. \n\n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. 
\n\nGet a free trial of the Secunia Vulnerability Intelligence Solutions:\nhttp://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv\n\n----------------------------------------------------------------------\n\nTITLE:\nBlue Coat ProxySG SGOS Cross-Site Scripting Vulnerability\n\nSECUNIA ADVISORY ID:\nSA27452\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/27452/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nCross Site Scripting\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nBlue Coat Security Gateway OS (SGOS) 4.x\nhttp://secunia.com/product/5419/\nBlue Coat Security Gateway OS (SGOS) 5.x\nhttp://secunia.com/product/12422/\n\nDESCRIPTION:\nA vulnerability has been reported in the Blue Coat ProxySG SGOS,\nwhich can be exploited by malicious people to conduct cross-site\nscripting attacks. \n\nInput passed to unspecified parameters when loading \"Certificate\nRevocation Lists\" via the management console is not properly\nsanitised before being returned to the user. \n\nSOLUTION:\nUpdate to version 4.2.6.1 or 5.2.2.5. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Adrian Pastor of ProCheckUp. \n\nORIGINAL ADVISORY:\nhttp://www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2007-5796"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-002864"
          },
          {
            "db": "BID",
            "id": "26286"
          },
          {
            "db": "PACKETSTORM",
            "id": "60621"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2007-5796",
            "trust": 2.7
          },
          {
            "db": "SECUNIA",
            "id": "27452",
            "trust": 1.7
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-3678",
            "trust": 1.6
          },
          {
            "db": "SECTRACK",
            "id": "1018888",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-002864",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "38213",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200711-035",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "26286",
            "trust": 0.3
          },
          {
            "db": "PACKETSTORM",
            "id": "60621",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "26286"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-002864"
          },
          {
            "db": "PACKETSTORM",
            "id": "60621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200711-035"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-5796"
          }
        ]
      },
      "id": "VAR-200711-0397",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.48857144
      },
      "last_update_date": "2025-04-10T23:13:08.715000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.bluecoat.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-002864"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-002864"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-5796"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/27452"
          },
          {
            "trust": 1.6,
            "url": "http://www.securitytracker.com/id?1018888"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/3678"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38213"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5796"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5796"
          },
          {
            "trust": 0.6,
            "url": "http://www.frsirt.com/english/advisories/2007/3678"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/38213"
          },
          {
            "trust": 0.3,
            "url": "http://hypersonic.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability"
          },
          {
            "trust": 0.3,
            "url": "http://www.bluecoat.com/products/sg"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/483124"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/5419/"
          },
          {
            "trust": 0.1,
            "url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/27452/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/12422/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "26286"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-002864"
          },
          {
            "db": "PACKETSTORM",
            "id": "60621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200711-035"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-5796"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "26286"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-002864"
          },
          {
            "db": "PACKETSTORM",
            "id": "60621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200711-035"
          },
          {
            "db": "NVD",
            "id": "CVE-2007-5796"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-10-29T00:00:00",
            "db": "BID",
            "id": "26286"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2007-002864"
          },
          {
            "date": "2007-11-02T16:12:25",
            "db": "PACKETSTORM",
            "id": "60621"
          },
          {
            "date": "2007-11-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200711-035"
          },
          {
            "date": "2007-11-03T00:46:00",
            "db": "NVD",
            "id": "CVE-2007-5796"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-11-15T00:38:00",
            "db": "BID",
            "id": "26286"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2007-002864"
          },
          {
            "date": "2007-11-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200711-035"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2007-5796"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200711-035"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Blue Coat ProxySG Management console cross-site scripting vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-002864"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200711-035"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "xss",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "60621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200711-035"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-201805-1106

    Vulnerability from variot - Updated: 2024-11-23 22:55

    Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles. Symantec Advanced Secure Gateway (ASG) and ProxySG contain vulnerabilities related to security features. Information may be obtained or altered, and service operation may be disrupted (DoS). This may lead to further attacks.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201805-1106",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 1.7,
            "vendor": "symantec",
            "version": "6.7"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 1.7,
            "vendor": "symantec",
            "version": "6.6"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 1.7,
            "vendor": "symantec",
            "version": "6.5"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 1.7,
            "vendor": "symantec",
            "version": "6.7"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 1.7,
            "vendor": "symantec",
            "version": "6.6"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "104282"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005793"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-972"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5241"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:symantec:advanced_secure_gateway",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:symantec:proxysg",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005793"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "104282"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-5241",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-5241",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-135272",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-5241",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-5241",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-5241",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201805-972",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-135272",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-135272"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005793"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-972"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5241"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles. Symantec Advanced Secure Gateway (ASG) and ProxySG Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This may lead to further  attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-5241"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005793"
          },
          {
            "db": "BID",
            "id": "104282"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135272"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-5241",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "104282",
            "trust": 2.0
          },
          {
            "db": "SECTRACK",
            "id": "1040993",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005793",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-972",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-135272",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-135272"
          },
          {
            "db": "BID",
            "id": "104282"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005793"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-972"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5241"
          }
        ]
      },
      "id": "VAR-201805-1106",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-135272"
          }
        ],
        "trust": 0.6780618366666666
      },
      "last_update_date": "2024-11-23T22:55:52.810000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SYMSA1450",
            "trust": 0.8,
            "url": "https://support.symantec.com/en_US/article.SYMSA1450.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005793"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-254",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-135272"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005793"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5241"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa167"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/104282"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1040993"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5241"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5241"
          },
          {
            "trust": 0.3,
            "url": "http://www.symantec.com"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-135272"
          },
          {
            "db": "BID",
            "id": "104282"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005793"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-972"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5241"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-135272"
          },
          {
            "db": "BID",
            "id": "104282"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005793"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-972"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5241"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-135272"
          },
          {
            "date": "2018-05-23T00:00:00",
            "db": "BID",
            "id": "104282"
          },
          {
            "date": "2018-07-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-005793"
          },
          {
            "date": "2018-05-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201805-972"
          },
          {
            "date": "2018-05-29T13:29:00.617000",
            "db": "NVD",
            "id": "CVE-2018-5241"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-135272"
          },
          {
            "date": "2018-05-23T00:00:00",
            "db": "BID",
            "id": "104282"
          },
          {
            "date": "2018-07-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-005793"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201805-972"
          },
          {
            "date": "2024-11-21T04:08:24.510000",
            "db": "NVD",
            "id": "CVE-2018-5241"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-972"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Symantec Advanced Secure Gateway and  ProxySG Vulnerabilities related to security functions",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005793"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-972"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201908-1589

    Vulnerability from variot - Updated: 2024-11-23 22:21

    The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. ASG and ProxySG contain a cross-site scripting vulnerability. Information may be obtained and information may be altered. Both Symantec Advanced Secure Gateway and Symantec ProxySG are security gateway devices of Symantec Corporation of the United States. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client-side code.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1589",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7"
          },
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.4.2"
          },
          {
            "model": "advanced secure gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6"
          },
          {
            "model": "advanced secure gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.4.2"
          },
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5.10.15"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "6.6"
          },
          {
            "model": "advanced secure gateway",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "6.7 prior to 6.7.4.2"
          },
          {
            "model": "proxysg",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "6.5 prior to 6.5.10.15"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "6.6"
          },
          {
            "model": "proxysg",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "6.7 prior to 6.7.4.2"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016056"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18370"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:symantec:advanced_secure_gateway",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:symantec:proxysg",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016056"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Muzamal Abadullah, Two Sigma Investments",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2124"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2018-18370",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-18370",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-128923",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-18370",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-18370",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-18370",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-2124",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-128923",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-128923"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016056"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2124"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18370"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG\u0027s web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. ASG and ProxySG contain a cross-site scripting vulnerability. Information may be obtained and information may be altered. Both Symantec Advanced Secure Gateway and Symantec ProxySG are security gateway devices of Symantec Corporation of the United States. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18370"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016056"
          },
          {
            "db": "VULHUB",
            "id": "VHN-128923"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-18370",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016056",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2124",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3254",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-128923",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-128923"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016056"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2124"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18370"
          }
        ]
      },
      "id": "VAR-201908-1589",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-128923"
          }
        ],
        "trust": 0.6780618366666666
      },
      "last_update_date": "2024-11-23T22:21:32.009000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SYMSA1472",
            "trust": 0.8,
            "url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
          },
          {
            "title": "Symantec Advanced Secure Gateway  and ProxySG Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97612"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016056"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2124"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-128923"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016056"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18370"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://support.symantec.com/us/en/article.symsa1472.html"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18370"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18370"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/proxysg-two-vulnerabilities-30176"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3254/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-128923"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016056"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2124"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18370"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-128923"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016056"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2124"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18370"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-128923"
          },
          {
            "date": "2019-09-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-016056"
          },
          {
            "date": "2019-08-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-2124"
          },
          {
            "date": "2019-08-30T09:15:16.567000",
            "db": "NVD",
            "id": "CVE-2018-18370"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-128923"
          },
          {
            "date": "2019-09-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-016056"
          },
          {
            "date": "2019-09-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-2124"
          },
          {
            "date": "2024-11-21T03:55:48.623000",
            "db": "NVD",
            "id": "CVE-2018-18370"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2124"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASG and  ProxySG Vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016056"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2124"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201908-1590

    Vulnerability from variot - Updated: 2024-11-23 22:21

    The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. ASG and ProxySG contain an information disclosure vulnerability. Information may be obtained. Both Symantec Advanced Secure Gateway and Symantec ProxySG are security gateway devices of Symantec Corporation of the United States. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1590",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7"
          },
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.4.2"
          },
          {
            "model": "advanced secure gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6"
          },
          {
            "model": "advanced secure gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.4.2"
          },
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5.10.15"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "6.6"
          },
          {
            "model": "advanced secure gateway",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "6.7 prior to 6.7.4.2"
          },
          {
            "model": "proxysg",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "6.5 prior to 6.5.10.15"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "6.6"
          },
          {
            "model": "proxysg",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "6.7 prior to 6.7.4.2"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016057"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18371"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:symantec:advanced_secure_gateway",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:symantec:proxysg",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016057"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Muzamal Abadullah, Two Sigma Investments",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2133"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2018-18371",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2018-18371",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-128924",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-18371",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-18371",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-18371",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-2133",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-128924",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-128924"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016057"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2133"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18371"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG\u0027s web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. ASG and ProxySG contain an information disclosure vulnerability. Information may be obtained. Both Symantec Advanced Secure Gateway and Symantec ProxySG are security gateway devices of Symantec Corporation of the United States. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-18371"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016057"
          },
          {
            "db": "VULHUB",
            "id": "VHN-128924"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-18371",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016057",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2133",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3254",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-128924",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-128924"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016057"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2133"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18371"
          }
        ]
      },
      "id": "VAR-201908-1590",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-128924"
          }
        ],
        "trust": 0.6780618366666666
      },
      "last_update_date": "2024-11-23T22:21:31.983000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SYMSA1472",
            "trust": 0.8,
            "url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
          },
          {
            "title": "Symantec Advanced Secure Gateway  and ProxySG Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97621"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016057"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2133"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-327",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-200",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-128924"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016057"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18371"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://support.symantec.com/us/en/article.symsa1472.html"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18371"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18371"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/proxysg-two-vulnerabilities-30176"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3254/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-128924"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016057"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2133"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18371"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-128924"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016057"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2133"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-18371"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-128924"
          },
          {
            "date": "2019-09-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-016057"
          },
          {
            "date": "2019-08-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-2133"
          },
          {
            "date": "2019-08-30T09:15:16.660000",
            "db": "NVD",
            "id": "CVE-2018-18371"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-128924"
          },
          {
            "date": "2019-09-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-016057"
          },
          {
            "date": "2020-10-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-2133"
          },
          {
            "date": "2024-11-21T03:55:48.747000",
            "db": "NVD",
            "id": "CVE-2018-18371"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2133"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ASG and  ProxySG Vulnerable to information disclosure",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-016057"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-2133"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201804-0142

    Vulnerability from variot - Updated: 2024-11-23 22:00

    Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code. Symantec ProxySG and ASG are prone to multiple security vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; to crash an application, resulting in a denial-of-service condition; or to upload arbitrary files to the affected application, which can result in arbitrary code execution within the context of the vulnerable application. (This last, generic impact summary appears to describe the group of issues tracked together under BID 103685, which this record lists among its description sources; the flaw specific to this entry, CVE-2016-10258, is the unrestricted file upload.)


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0142",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6.5.14"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6"
          },
          {
            "model": "advanced secure gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6.5.14"
          },
          {
            "model": "advanced secure gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6"
          },
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.3.1"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7"
          },
          {
            "model": "advanced secure gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7"
          },
          {
            "model": "advanced secure gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.3.1"
          },
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5.10.8"
          },
          {
            "model": "advanced secure gateway",
            "scope": null,
            "trust": 0.8,
            "vendor": "symantec",
            "version": null
          },
          {
            "model": "proxysg",
            "scope": null,
            "trust": 0.8,
            "vendor": "symantec",
            "version": null
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.2.1"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.6.5.13"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.5.10.6"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.2.1"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.6.5.13"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.7"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.6"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.5"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.7"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.6.5.4"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.6"
          },
          {
            "model": "proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.4.107"
          },
          {
            "model": "proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.3.1"
          },
          {
            "model": "proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.6.5.14"
          },
          {
            "model": "proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.5.10.8"
          },
          {
            "model": "advanced secure gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.4.107"
          },
          {
            "model": "advanced secure gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.3.1"
          },
          {
            "model": "advanced secure gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.6.5.14"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "103685"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004403"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10258"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:symantec:advanced_secure_gateway",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:symantec:proxysg",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004403"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Pankaj Kumar Thakur",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1030"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2016-10258",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "CVE-2016-10258",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "VHN-89016",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "id": "CVE-2016-10258",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-10258",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-10258",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201703-1030",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-89016",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89016"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1030"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10258"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code. Symantec ProxySG and ASG are prone to multiple security vulnerabilities. \nSuccessful exploits will allow attacker-supplied HTML and script code to  run in the context of the affected browser, potentially allowing the  attacker to steal cookie-based authentication credentials or to control  how the site is rendered to the user, to crash an application, resulting  in a denial-of-service condition or to upload arbitrary files to the  affected application; this can result in arbitrary code execution within  the context of the vulnerable application",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-10258"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004403"
          },
          {
            "db": "BID",
            "id": "103685"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89016"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-10258",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "103685",
            "trust": 2.0
          },
          {
            "db": "SECTRACK",
            "id": "1040757",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004403",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1030",
            "trust": 0.7
          },
          {
            "db": "EXPLOIT-DB",
            "id": "47392",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-89016",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89016"
          },
          {
            "db": "BID",
            "id": "103685"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1030"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10258"
          }
        ]
      },
      "id": "VAR-201804-0142",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89016"
          }
        ],
        "trust": 0.6780618366666666
      },
      "last_update_date": "2024-11-23T22:00:37.829000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SYMSA1432",
            "trust": 0.8,
            "url": "https://support.symantec.com/en_US/article.SYMSA1432.html"
          },
          {
            "title": "Symantec Advanced Secure Gateway  and ProxySG Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98313"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1030"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-434",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89016"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004403"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10258"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa162"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/103685"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1040757"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10258"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10258"
          },
          {
            "trust": 0.6,
            "url": "https://www.exploit-db.com/download/47392"
          },
          {
            "trust": 0.3,
            "url": "http://www.symantec.com"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89016"
          },
          {
            "db": "BID",
            "id": "103685"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1030"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10258"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-89016"
          },
          {
            "db": "BID",
            "id": "103685"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1030"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10258"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-04-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89016"
          },
          {
            "date": "2018-04-10T00:00:00",
            "db": "BID",
            "id": "103685"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004403"
          },
          {
            "date": "2017-03-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-1030"
          },
          {
            "date": "2018-04-11T14:29:00.250000",
            "db": "NVD",
            "id": "CVE-2016-10258"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89016"
          },
          {
            "date": "2018-04-10T00:00:00",
            "db": "BID",
            "id": "103685"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004403"
          },
          {
            "date": "2021-06-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-1030"
          },
          {
            "date": "2024-11-21T02:43:40.507000",
            "db": "NVD",
            "id": "CVE-2016-10258"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1030"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Symantec Advanced Secure Gateway and ProxySG vulnerable to unrestricted upload of dangerous file types",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004403"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1030"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201804-0594

    Vulnerability from variot - Updated: 2024-11-23 22:00

    Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code into the management console web client application. Symantec ProxySG and ASG are prone to multiple security vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; to crash an application, resulting in a denial-of-service condition; or to upload arbitrary files to the affected application, which can result in arbitrary code execution within the context of the vulnerable application. A cross-site scripting vulnerability exists in Symantec ASG and ProxySG. Note that the impact list above appears to be shared advisory text covering several issues in these products; this entry, CVE-2017-13678, is the stored XSS (CWE-79), which NVD scores at CVSS 3.0 4.8 with high privileges and user interaction required.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0594",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.3.7"
          },
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6.5.14"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.4"
          },
          {
            "model": "advanced secure gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.4"
          },
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.4.107"
          },
          {
            "model": "advanced secure gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.3.7"
          },
          {
            "model": "advanced secure gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6.5.14"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6"
          },
          {
            "model": "advanced secure gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.4.107"
          },
          {
            "model": "advanced secure gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.3"
          },
          {
            "model": "advanced secure gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.3"
          },
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5.10.8"
          },
          {
            "model": "advanced secure gateway",
            "scope": null,
            "trust": 0.8,
            "vendor": "symantec",
            "version": null
          },
          {
            "model": "proxysg",
            "scope": null,
            "trust": 0.8,
            "vendor": "symantec",
            "version": null
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.2.1"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.6.5.13"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.5.10.6"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.2.1"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.6.5.13"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.7"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.6"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.5"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.7"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.6.5.4"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.6"
          },
          {
            "model": "proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.4.107"
          },
          {
            "model": "proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.3.1"
          },
          {
            "model": "proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.6.5.14"
          },
          {
            "model": "proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.5.10.8"
          },
          {
            "model": "advanced secure gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.4.107"
          },
          {
            "model": "advanced secure gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.3.1"
          },
          {
            "model": "advanced secure gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.6.5.14"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "103685"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013245"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13678"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:symantec:advanced_secure_gateway",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:symantec:proxysg",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013245"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Robert Jaroszuk @ RBS Security, Jakub Palaczynski and Pawel Bartunek.",
        "sources": [
          {
            "db": "BID",
            "id": "103685"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-13678",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2017-13678",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-104324",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2017-13678",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-13678",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-13678",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201708-1080",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-104324",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-104324"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013245"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1080"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13678"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code into the management console web client application. Symantec ProxySG and ASG are prone to multiple security vulnerabilities. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; to crash an application, resulting in a denial-of-service condition; or to upload arbitrary files to the affected application, which can result in arbitrary code execution within the context of the vulnerable application. A cross-site scripting vulnerability exists in Symantec ASG and ProxySG.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-13678"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013245"
          },
          {
            "db": "BID",
            "id": "103685"
          },
          {
            "db": "VULHUB",
            "id": "VHN-104324"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-13678",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "103685",
            "trust": 2.0
          },
          {
            "db": "SECTRACK",
            "id": "1040757",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013245",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1080",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-104324",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-104324"
          },
          {
            "db": "BID",
            "id": "103685"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013245"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1080"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13678"
          }
        ]
      },
      "id": "VAR-201804-0594",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-104324"
          }
        ],
        "trust": 0.6780618366666666
      },
      "last_update_date": "2024-11-23T22:00:37.798000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SA162",
            "trust": 0.8,
            "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA162"
          },
          {
            "title": "Symantec Advanced Secure Gateway  and ProxySG Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155177"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013245"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1080"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-104324"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013245"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13678"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa162"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/103685"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1040757"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13678"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13678"
          },
          {
            "trust": 0.3,
            "url": "http://www.symantec.com"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-104324"
          },
          {
            "db": "BID",
            "id": "103685"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013245"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1080"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13678"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-104324"
          },
          {
            "db": "BID",
            "id": "103685"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013245"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1080"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13678"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-04-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-104324"
          },
          {
            "date": "2018-04-10T00:00:00",
            "db": "BID",
            "id": "103685"
          },
          {
            "date": "2018-06-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013245"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-1080"
          },
          {
            "date": "2018-04-11T14:29:00.377000",
            "db": "NVD",
            "id": "CVE-2017-13678"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-104324"
          },
          {
            "date": "2018-04-10T00:00:00",
            "db": "BID",
            "id": "103685"
          },
          {
            "date": "2018-06-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013245"
          },
          {
            "date": "2021-06-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-1080"
          },
          {
            "date": "2024-11-21T03:11:24.677000",
            "db": "NVD",
            "id": "CVE-2017-13678"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1080"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Symantec Advanced Secure Gateway and  ProxySG Management console cross-site scripting vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013245"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1080"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201804-0593

    Vulnerability from variot - Updated: 2024-11-23 22:00

    Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause a denial of service through management console application crashes. Symantec ProxySG and ASG are prone to multiple security vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; to crash an application, resulting in a denial-of-service condition; or to upload arbitrary files to the affected application, which can result in arbitrary code execution within the context of the vulnerable application. Note that the impact list above appears to be shared advisory text covering several issues in these products; this entry itself describes the management-console denial of service.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0593",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6.5.14"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6"
          },
          {
            "model": "advanced secure gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6.5.14"
          },
          {
            "model": "advanced secure gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6"
          },
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.3.1"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7"
          },
          {
            "model": "advanced secure gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7"
          },
          {
            "model": "advanced secure gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.3.1"
          },
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5.10.8"
          },
          {
            "model": "advanced secure gateway",
            "scope": null,
            "trust": 0.8,
            "vendor": "symantec",
            "version": null
          },
          {
            "model": "proxysg",
            "scope": null,
            "trust": 0.8,
            "vendor": "symantec",
            "version": null
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.2.1"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.6.5.13"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.5.10.6"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.2.1"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.6.5.13"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.7"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.6"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.5"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.7"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.6.5.4"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.6"
          },
          {
            "model": "proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.4.107"
          },
          {
            "model": "proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.3.1"
          },
          {
            "model": "proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.6.5.14"
          },
          {
            "model": "proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.5.10.8"
          },
          {
            "model": "advanced secure gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.4.107"
          },
          {
            "model": "advanced secure gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.3.1"
          },
          {
            "model": "advanced secure gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.6.5.14"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "103685"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013293"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13677"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:symantec:advanced_secure_gateway",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:symantec:proxysg",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013293"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Robert Jaroszuk @ RBS Security, Jakub Palaczynski and Pawel Bartunek.",
        "sources": [
          {
            "db": "BID",
            "id": "103685"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-13677",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-13677",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-104323",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-13677",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-13677",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-13677",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201708-1081",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-104323",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-104323"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013293"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1081"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13677"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes. Symantec ProxySG and ASG are prone to multiple security vulnerabilities. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; to crash an application, resulting in a denial-of-service condition; or to upload arbitrary files to the affected application, which can result in arbitrary code execution within the context of the vulnerable application",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-13677"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013293"
          },
          {
            "db": "BID",
            "id": "103685"
          },
          {
            "db": "VULHUB",
            "id": "VHN-104323"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-13677",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "103685",
            "trust": 2.0
          },
          {
            "db": "SECTRACK",
            "id": "1040757",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013293",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1081",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-104323",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-104323"
          },
          {
            "db": "BID",
            "id": "103685"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013293"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1081"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13677"
          }
        ]
      },
      "id": "VAR-201804-0593",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-104323"
          }
        ],
        "trust": 0.6780618366666666
      },
      "last_update_date": "2024-11-23T22:00:37.769000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SYMSA1432",
            "trust": 0.8,
            "url": "https://support.symantec.com/en_US/article.SYMSA1432.html"
          },
          {
            "title": "Symantec Advanced Secure Gateway  and ProxySG Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99997"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013293"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1081"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-19",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-104323"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013293"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13677"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa162"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/103685"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1040757"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13677"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13677"
          },
          {
            "trust": 0.3,
            "url": "http://www.symantec.com"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-104323"
          },
          {
            "db": "BID",
            "id": "103685"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013293"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1081"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13677"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-104323"
          },
          {
            "db": "BID",
            "id": "103685"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013293"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1081"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13677"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-04-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-104323"
          },
          {
            "date": "2018-04-10T00:00:00",
            "db": "BID",
            "id": "103685"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013293"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-1081"
          },
          {
            "date": "2018-04-11T14:29:00.313000",
            "db": "NVD",
            "id": "CVE-2017-13677"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-104323"
          },
          {
            "date": "2018-04-10T00:00:00",
            "db": "BID",
            "id": "103685"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013293"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-1081"
          },
          {
            "date": "2024-11-21T03:11:24.560000",
            "db": "NVD",
            "id": "CVE-2017-13677"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1081"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Symantec Advanced Secure Gateway and  ProxySG Data processing vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013293"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-1081"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201801-0018

    Vulnerability from variot - Updated: 2024-11-23 21:53

    The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257. Symantec ProxySG contains a cross-site scripting vulnerability. This is a different vulnerability from CVE-2016-10257. Information may be obtained and information may be falsified. Symantec ProxySG is prone to a cross-site-scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0018",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "symantec",
            "version": "6.6"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7"
          },
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.2.1"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6"
          },
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5.10.6"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "6.7.2.1"
          },
          {
            "model": "proxysg",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "6.5"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "6.5.10.6"
          },
          {
            "model": "proxysg",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "6.7"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.7"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.6"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.5"
          },
          {
            "model": "proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.2.1"
          },
          {
            "model": "proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.5.10.6"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "102451"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001361"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1032"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10256"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:symantec:proxysg",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001361"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jakub Palaczynski and Pawel Bartunek.",
        "sources": [
          {
            "db": "BID",
            "id": "102451"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2016-10256",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2016-10256",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2016-10256",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-10256",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-10256",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201703-1032",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001361"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1032"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10256"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257. Symantec ProxySG Contains a cross-site scripting vulnerability. This vulnerability is CVE-2016-10257 This is a different vulnerability.The information may be obtained and the information may be falsified. Symantec ProxySG is prone to a cross-site-scripting vulnerability because it fails to sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-10256"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001361"
          },
          {
            "db": "BID",
            "id": "102451"
          }
        ],
        "trust": 1.89
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-10256",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "102451",
            "trust": 1.9
          },
          {
            "db": "SECTRACK",
            "id": "1040138",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001361",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1032",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "102451"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001361"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1032"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10256"
          }
        ]
      },
      "id": "VAR-201801-0018",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.57761907
      },
      "last_update_date": "2024-11-23T21:53:31.377000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SA155",
            "trust": 0.8,
            "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
          },
          {
            "title": "Symantec ProxySG Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155176"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001361"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1032"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001361"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10256"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://www.securitytracker.com/id/1040138"
          },
          {
            "trust": 1.6,
            "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa155"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/102451"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10256"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10256"
          },
          {
            "trust": 0.3,
            "url": "https://www.symantec.com/products/secure-web-gateway-proxy-sg-and-asg"
          },
          {
            "trust": 0.3,
            "url": "http://www.symantec.com"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "102451"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001361"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1032"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10256"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "102451"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001361"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1032"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10256"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-01-09T00:00:00",
            "db": "BID",
            "id": "102451"
          },
          {
            "date": "2018-02-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-001361"
          },
          {
            "date": "2017-03-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-1032"
          },
          {
            "date": "2018-01-10T02:29:31.833000",
            "db": "NVD",
            "id": "CVE-2016-10256"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-01-09T00:00:00",
            "db": "BID",
            "id": "102451"
          },
          {
            "date": "2018-02-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-001361"
          },
          {
            "date": "2021-06-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-1032"
          },
          {
            "date": "2024-11-21T02:43:40.283000",
            "db": "NVD",
            "id": "CVE-2016-10256"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1032"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Symantec ProxySG Vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001361"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1032"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201801-0019

    Vulnerability from variot - Updated: 2024-11-23 21:53

    The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256. Information may be obtained and information may be altered. Symantec Advanced Secure Gateway (ASG) and ProxySG are security gateway devices from Symantec Corporation of the United States. Management console is one of the management consoles. Symantec ProxySG and ASG are prone to a cross-site-scripting vulnerability because they fail to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0019",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 2.0,
            "vendor": "symantec",
            "version": "6.6"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 2.0,
            "vendor": "symantec",
            "version": "6.6"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7"
          },
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.2.1"
          },
          {
            "model": "advanced secure gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6"
          },
          {
            "model": "symantec proxysg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.6"
          },
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.5.10.6"
          },
          {
            "model": "advanced secure gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.2.1"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "6.7.2.1"
          },
          {
            "model": "proxysg",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "6.5"
          },
          {
            "model": "advanced secure gateway",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "6.7"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "6.5.10.6"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "6.7.2.1"
          },
          {
            "model": "proxysg",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "6.7"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "symantec",
            "version": "6.7\u003c6.7.2.1"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "symantec",
            "version": "6.5\u003c6.5.10.6"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "symantec",
            "version": "6.7\u003c6.7.2.1"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.7"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.6"
          },
          {
            "model": "proxysg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.5"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.7"
          },
          {
            "model": "advanced secure gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bluecoat",
            "version": "6.6"
          },
          {
            "model": "proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.2.1"
          },
          {
            "model": "proxysg",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.5.10.6"
          },
          {
            "model": "advanced secure gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "6.7.2.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04070"
          },
          {
            "db": "BID",
            "id": "102447"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001362"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1031"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10257"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:symantec:advanced_secure_gateway",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:symantec:proxysg",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001362"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jakub Palaczynski and Pawel Bartunek.",
        "sources": [
          {
            "db": "BID",
            "id": "102447"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2016-10257",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2016-10257",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2018-04070",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-89015",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2016-10257",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-10257",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-10257",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-04070",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201703-1031",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-89015",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04070"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89015"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001362"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1031"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10257"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256. This vulnerability CVE-2016-10256 Is a different vulnerability.Information may be obtained and information may be altered. Symantec AdvancedSecureGateway (ASG) and ProxySG are security gateway devices from Symantec Corporation of the United States. Managementconsole is one of the management consoles. Symantec ProxySG and ASG are prone to a cross-site-scripting vulnerability because it fails to sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-10257"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001362"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-04070"
          },
          {
            "db": "BID",
            "id": "102447"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89015"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-10257",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "102447",
            "trust": 2.6
          },
          {
            "db": "SECTRACK",
            "id": "1040138",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001362",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1031",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-04070",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-89015",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04070"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89015"
          },
          {
            "db": "BID",
            "id": "102447"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001362"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1031"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10257"
          }
        ]
      },
      "id": "VAR-201801-0019",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04070"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89015"
          }
        ],
        "trust": 1.2780618366666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04070"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:53:31.272000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SA155",
            "trust": 0.8,
            "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
          },
          {
            "title": "Patch for Symantec ASG and ProxySG Cross-Site Scripting Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/119469"
          },
          {
            "title": "Symantec Advanced Secure Gateway  and ProxySG Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155175"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04070"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001362"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1031"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89015"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001362"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10257"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa155"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/102447"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1040138"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10257"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10257"
          },
          {
            "trust": 0.3,
            "url": "http://www.symantec.com"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04070"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89015"
          },
          {
            "db": "BID",
            "id": "102447"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001362"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1031"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10257"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-04070"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89015"
          },
          {
            "db": "BID",
            "id": "102447"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001362"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1031"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10257"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-04070"
          },
          {
            "date": "2018-01-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89015"
          },
          {
            "date": "2018-01-09T00:00:00",
            "db": "BID",
            "id": "102447"
          },
          {
            "date": "2018-02-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-001362"
          },
          {
            "date": "2017-03-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-1031"
          },
          {
            "date": "2018-01-10T02:29:31.880000",
            "db": "NVD",
            "id": "CVE-2016-10257"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-04070"
          },
          {
            "date": "2021-07-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89015"
          },
          {
            "date": "2018-01-09T00:00:00",
            "db": "BID",
            "id": "102447"
          },
          {
            "date": "2018-02-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-001362"
          },
          {
            "date": "2021-06-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-1031"
          },
          {
            "date": "2024-11-21T02:43:40.397000",
            "db": "NVD",
            "id": "CVE-2016-10257"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1031"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Symantec Advanced Secure Gateway and ProxySG vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-001362"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1031"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-0834

    Vulnerability from variot - Updated: 2024-11-23 21:35

    The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker with access to the appliance management interface can hijack the session of a currently logged-in user and access the management console. Broadcom Advanced Secure Gateway and ProxySG are both secure web gateway devices from Broadcom Corporation.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0834",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "7.2.0.1"
          },
          {
            "model": "advanced secure gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.4.10"
          },
          {
            "model": "advanced secure gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.4"
          },
          {
            "model": "symantec proxysg",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.4.10"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "7.1"
          },
          {
            "model": "advanced secure gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "7.2.0.1"
          },
          {
            "model": "advanced secure gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "7.1"
          },
          {
            "model": "symantec proxysg",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": "6.7.4"
          },
          {
            "model": "advanced secure gateway",
            "scope": null,
            "trust": 0.8,
            "vendor": "symantec",
            "version": null
          },
          {
            "model": "proxysg",
            "scope": null,
            "trust": 0.8,
            "vendor": "symantec",
            "version": null
          },
          {
            "model": "advanced secure gateway",
            "scope": null,
            "trust": 0.6,
            "vendor": "broadcom",
            "version": null
          },
          {
            "model": "proxysg",
            "scope": null,
            "trust": 0.6,
            "vendor": "broadcom",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22988"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015289"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18375"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:symantec:advanced_secure_gateway",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:symantec:proxysg",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015289"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Balazs Hambalko",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-563"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-18375",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-18375",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.4,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015289",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-22988",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-150715",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-18375",
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-015289",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-18375",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-015289",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-22988",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-563",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-150715",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22988"
          },
          {
            "db": "VULHUB",
            "id": "VHN-150715"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015289"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-563"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18375"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker with access to the appliance management interface can hijack the session of a currently logged-in user and access the management console. Broadcom Advanced Secure Gateway and ProxySG are both secure web gateway devices from Broadcom Corporation.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-18375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015289"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22988"
          },
          {
            "db": "VULHUB",
            "id": "VHN-150715"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-18375",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015289",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22988",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-563",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-150715",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22988"
          },
          {
            "db": "VULHUB",
            "id": "VHN-150715"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015289"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-563"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18375"
          }
        ]
      },
      "id": "VAR-202004-0834",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22988"
          },
          {
            "db": "VULHUB",
            "id": "VHN-150715"
          }
        ],
        "trust": 1.2780618366666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22988"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:35:58.830000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SYMSA1752",
            "trust": 0.8,
            "url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1752"
          },
          {
            "title": "Patch for Broadcom ProxySG and Advanced Secure Gateway session hijacking vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/213949"
          },
          {
            "title": "Broadcom ProxySG  and Advanced Secure Gateway Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115754"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22988"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015289"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-563"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-18375"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationid=symsa1752"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18375"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18375"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/proxysg-privilege-escalation-via-session-hijacking-31992"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-150715"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015289"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-563"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18375"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22988"
          },
          {
            "db": "VULHUB",
            "id": "VHN-150715"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015289"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-563"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18375"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-22988"
          },
          {
            "date": "2020-04-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-150715"
          },
          {
            "date": "2020-04-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015289"
          },
          {
            "date": "2020-04-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-563"
          },
          {
            "date": "2020-04-10T00:15:11.160000",
            "db": "NVD",
            "id": "CVE-2019-18375"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-22988"
          },
          {
            "date": "2021-07-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-150715"
          },
          {
            "date": "2020-04-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-015289"
          },
          {
            "date": "2020-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-563"
          },
          {
            "date": "2024-11-21T04:33:09.620000",
            "db": "NVD",
            "id": "CVE-2019-18375"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-563"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Vulnerability in ASG and ProxySG management console",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-015289"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-563"
          }
        ],
        "trust": 0.6
      }
    }