ID

VAR-201509-0303


CVE

CVE-2015-6548


TITLE

SQL injection vulnerability in a PHP script in the management console of the software running on Symantec Web Gateway appliances

Trust: 0.8

sources: JVNDB: JVNDB-2015-004902

DESCRIPTION

Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Symantec Web Gateway is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Symantec Web Gateway (SWG) is a network content filtering product developed by Symantec Corporation of the United States. It provides web content filtering, data loss prevention, and more. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands.

Trust: 1.98

sources: NVD: CVE-2015-6548 // JVNDB: JVNDB-2015-004902 // BID: 76729 // VULHUB: VHN-84509

AFFECTED PRODUCTS

vendor: symantec, model: web gateway, scope: lte, version: 5.2.2

Trust: 1.0

vendor: symantec, model: web gateway, scope: eq, version: 5.2.2

Trust: 0.9

vendor: symantec, model: web gateway, scope: lt, version: 5.2.2 db 5.0.0.1277

Trust: 0.8

vendor: symantec, model: web gateway, scope: eq, version: 5.2.1

Trust: 0.3

vendor: symantec, model: web gateway, scope: eq, version: 5.2

Trust: 0.3

vendor: symantec, model: web gateway, scope: eq, version: 5.1.1

Trust: 0.3

vendor: symantec, model: web gateway, scope: eq, version: 5.1.0

Trust: 0.3

vendor: symantec, model: web gateway, scope: eq, version: 5.0.3.18

Trust: 0.3

vendor: symantec, model: web gateway, scope: eq, version: 5.0.3.17

Trust: 0.3

vendor: symantec, model: web gateway, scope: eq, version: 5.0.3

Trust: 0.3

vendor: symantec, model: web gateway, scope: eq, version: 5.0.2.18

Trust: 0.3

vendor: symantec, model: web gateway, scope: eq, version: 5.0.2

Trust: 0.3

vendor: symantec, model: web gateway, scope: eq, version: 5.0.1

Trust: 0.3

vendor: symantec, model: web gateway, scope: eq, version: 5.0

Trust: 0.3

vendor: symantec, model: web gateway, scope: eq, version: 4.5.0.376

Trust: 0.3

vendor: symantec, model: web gateway, scope: eq, version: 4.5

Trust: 0.3

vendor: symantec, model: web gateway db update, scope: ne, version: 5.2.25.0.

Trust: 0.3

sources: BID: 76729 // JVNDB: JVNDB-2015-004902 // CNNVD: CNNVD-201509-251 // NVD: CVE-2015-6548

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6548
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6548
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201509-251
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84509
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6548
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84509
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84509 // JVNDB: JVNDB-2015-004902 // CNNVD: CNNVD-201509-251 // NVD: CVE-2015-6548

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.9

sources: VULHUB: VHN-84509 // JVNDB: JVNDB-2015-004902 // NVD: CVE-2015-6548

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-251

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201509-251

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004902

PATCH

title: SYM15-009, url: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00

Trust: 0.8

sources: JVNDB: JVNDB-2015-004902

EXTERNAL IDS

db: NVD, id: CVE-2015-6548

Trust: 2.8

db: BID, id: 76729

Trust: 2.0

db: SECTRACK, id: 1033625

Trust: 1.1

db: JVNDB, id: JVNDB-2015-004902

Trust: 0.8

db: CNNVD, id: CNNVD-201509-251

Trust: 0.7

db: VULHUB, id: VHN-84509

Trust: 0.1

sources: VULHUB: VHN-84509 // BID: 76729 // JVNDB: JVNDB-2015-004902 // CNNVD: CNNVD-201509-251 // NVD: CVE-2015-6548

REFERENCES

url: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00

Trust: 1.9

url: http://www.securityfocus.com/bid/76729

Trust: 1.7

url: http://www.securitytracker.com/id/1033625

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6548

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6548

Trust: 0.8

url: http://www.symantec.com

Trust: 0.3

url: http://www.symantec.com/business/web-gateway

Trust: 0.3

url: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00

Trust: 0.1

sources: VULHUB: VHN-84509 // BID: 76729 // JVNDB: JVNDB-2015-004902 // CNNVD: CNNVD-201509-251 // NVD: CVE-2015-6548

CREDITS

Daniel Jensen working with Security-Assessment.com

Trust: 0.9

sources: BID: 76729 // CNNVD: CNNVD-201509-251

SOURCES

db: VULHUB, id: VHN-84509
db: BID, id: 76729
db: JVNDB, id: JVNDB-2015-004902
db: CNNVD, id: CNNVD-201509-251
db: NVD, id: CVE-2015-6548

LAST UPDATE DATE

2024-11-23T22:08:00.565000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-84509, date: 2016-12-22T00:00:00
db: BID, id: 76729, date: 2015-09-16T00:00:00
db: JVNDB, id: JVNDB-2015-004902, date: 2015-09-29T00:00:00
db: CNNVD, id: CNNVD-201509-251, date: 2015-09-21T00:00:00
db: NVD, id: CVE-2015-6548, date: 2024-11-21T02:35:12.057

SOURCES RELEASE DATE

db: VULHUB, id: VHN-84509, date: 2015-09-20T00:00:00
db: BID, id: 76729, date: 2015-09-16T00:00:00
db: JVNDB, id: JVNDB-2015-004902, date: 2015-09-29T00:00:00
db: CNNVD, id: CNNVD-201509-251, date: 2015-09-18T00:00:00
db: NVD, id: CVE-2015-6548, date: 2015-09-20T20:59:10.477