CVE-2014-1651

SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 6.5 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.kb.cert.org/vuls/id/719172
http://www.securityfocus.com/bid/67754
http://www.securitytracker.com/id/1030443
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:symantec:web_gateway::::::::
	cpe:2.3:a:symantec:web_gateway:5.1:::::::*

History

No history.

Information

Published : 2014-06-18 19:55

Updated : 2024-02-28 12:20

NVD link : CVE-2014-1651

Mitre link : CVE-2014-1651

CVE.ORG link : CVE-2014-1651

JSON object : View

Products Affected

symantec

web_gateway

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2014-1651", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-06-18T19:55:04.560", "references": [{"url": "http://www.kb.cert.org/vuls/id/719172", "source": "secure@symantec.com"}, {"url": "http://www.securityfocus.com/bid/67754", "source": "secure@symantec.com"}, {"url": "http://www.securitytracker.com/id/1030443", "source": "secure@symantec.com"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00", "source": "secure@symantec.com"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00", "tags": ["Vendor Advisory"], "source": "secure@symantec.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en clientreport.php en la consola de gesti\u00f3n en Symantec Web Gateway (SWG) anterior a 5.2 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."}], "lastModified": "2017-12-28T02:29:01.533", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:web_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C46F03C-FE3F-4939-90FA-7D454686778F", "versionEndIncluding": "5.1.1"}, {"criteria": "cpe:2.3:a:symantec:web_gateway:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1761BFB-3F97-43C5-BDCE-7D87F5E5D1F5"}], "operator": "OR"}]}], "sourceIdentifier": "secure@symantec.com"}