Details of VAR-201406-0181

ID

VAR-201406-0181

CVE

CVE-2014-1651

TITLE

Symantec Web Gateway contains SQL injection and cross-site scripting vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#719172

DESCRIPTION

SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Symantec Web Gateway (SWG) is a set of network content filtering software developed by Symantec Corporation of the United States. The software provides web content filtering, data loss prevention, and more

Trust: 2.7

sources: NVD: CVE-2014-1651 // CERT/CC: VU#719172 // JVNDB: JVNDB-2014-002997 // BID: 67754 // VULHUB: VHN-69590

AFFECTED PRODUCTS

vendor:	symantec	model:	web gateway	scope:	eq	version:	5.1	Trust: 1.6
vendor:	symantec	model:	web gateway	scope:	lte	version:	5.1.1	Trust: 1.0
vendor:	symantec	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	web gateway	scope:	lt	version:	5.2	Trust: 0.8
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.1.1	Trust: 0.6

sources: CERT/CC: VU#719172 // JVNDB: JVNDB-2014-002997 // CNNVD: CNNVD-201406-429 // NVD: CVE-2014-1651

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-1651
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-1651
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201406-429
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-69590
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-1651
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-69590
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-69590 // JVNDB: JVNDB-2014-002997 // CNNVD: CNNVD-201406-429 // NVD: CVE-2014-1651

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.9

sources: VULHUB: VHN-69590 // JVNDB: JVNDB-2014-002997 // NVD: CVE-2014-1651

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201406-429

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201406-429

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002997

PATCH

title:	SYM14-010	url:	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00	Trust: 0.8
title:	SYM14-010	url:	http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140616_00	Trust: 0.8

sources: JVNDB: JVNDB-2014-002997

EXTERNAL IDS

db:	NVD	id:	CVE-2014-1651	Trust: 2.8
db:	CERT/CC	id:	VU#719172	Trust: 2.7
db:	BID	id:	67754	Trust: 2.0
db:	SECTRACK	id:	1030443	Trust: 1.1
db:	JVN	id:	JVNVU92933933	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-002997	Trust: 0.8
db:	CNNVD	id:	CNNVD-201406-429	Trust: 0.7
db:	VULHUB	id:	VHN-69590	Trust: 0.1

sources: CERT/CC: VU#719172 // VULHUB: VHN-69590 // BID: 67754 // JVNDB: JVNDB-2014-002997 // CNNVD: CNNVD-201406-429 // NVD: CVE-2014-1651

REFERENCES

url:	http://www.kb.cert.org/vuls/id/719172	Trust: 1.9
url:	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00	Trust: 1.8
url:	http://www.securityfocus.com/bid/67754	Trust: 1.7
url:	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00	Trust: 1.6
url:	http://www.securitytracker.com/id/1030443	Trust: 1.1
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1651	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92933933/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1651	Trust: 0.8
url:	http://www.symantec.com	Trust: 0.3
url:	http://www.symantec.com/business/web-gateway	Trust: 0.3
url:	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00	Trust: 0.1
url:	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00	Trust: 0.1

sources: CERT/CC: VU#719172 // VULHUB: VHN-69590 // BID: 67754 // JVNDB: JVNDB-2014-002997 // CNNVD: CNNVD-201406-429 // NVD: CVE-2014-1651

CREDITS

Min1214 of INFOSEC Inc

Trust: 0.3

sources: BID: 67754

SOURCES

db:	CERT/CC	id:	VU#719172
db:	VULHUB	id:	VHN-69590
db:	BID	id:	67754
db:	JVNDB	id:	JVNDB-2014-002997
db:	CNNVD	id:	CNNVD-201406-429
db:	NVD	id:	CVE-2014-1651

LAST UPDATE DATE

2024-11-23T21:45:09.811000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#719172	date:	2014-06-17T00:00:00
db:	VULHUB	id:	VHN-69590	date:	2017-12-28T00:00:00
db:	BID	id:	67754	date:	2014-06-18T00:04:00
db:	JVNDB	id:	JVNDB-2014-002997	date:	2014-06-23T00:00:00
db:	CNNVD	id:	CNNVD-201406-429	date:	2014-06-20T00:00:00
db:	NVD	id:	CVE-2014-1651	date:	2024-11-21T02:04:46.930

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#719172	date:	2014-06-17T00:00:00
db:	VULHUB	id:	VHN-69590	date:	2014-06-18T00:00:00
db:	BID	id:	67754	date:	2014-06-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-002997	date:	2014-06-23T00:00:00
db:	CNNVD	id:	CNNVD-201406-429	date:	2014-06-20T00:00:00
db:	NVD	id:	CVE-2014-1651	date:	2014-06-18T19:55:04.560