CVE-2013-4671

Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:symantec:web_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:symantec:web_gateway:5.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:web_gateway:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:symantec:web_gateway:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:symantec:web_gateway:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:symantec:web_gateway:5.0.3.18:*:*:*:*:*:*:*
OR cpe:2.3:h:symantec:web_gateway_appliance_8450:-:*:*:*:*:*:*:*
cpe:2.3:h:symantec:web_gateway_appliance_8490:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:56

Type Values Removed Values Added
References () http://osvdb.org/95699 - () http://osvdb.org/95699 -
References () http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html - () http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html -
References () http://www.securityfocus.com/bid/61102 - () http://www.securityfocus.com/bid/61102 -
References () http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00 - () http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00 -
References () https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt - () https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt -

Information

Published : 2013-08-01 13:32

Updated : 2024-11-21 01:56


NVD link : CVE-2013-4671

Mitre link : CVE-2013-4671

CVE.ORG link : CVE-2013-4671


JSON object : View

Products Affected

symantec

  • web_gateway_appliance_8490
  • web_gateway
  • web_gateway_appliance_8450
CWE
CWE-352

Cross-Site Request Forgery (CSRF)