CVE-2013-1617

Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.

Published: Aug 1, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-1617
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.4
AV:A/AC:M/Au:S/C:C/I:C/A:C

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
symantec / web_gateway	-	5.1.x
symantec / web_gateway	5.0	5.0.x
symantec / web_gateway	5.0.1	5.0.1.x
symantec / web_gateway	5.0.2	5.0.2.x
symantec / web_gateway	5.0.3	5.0.3.x
symantec / web_gateway	5.0.3.18	5.0.3.18.x

http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html
http://www.securityfocus.com/bid/61101
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt

Vulnerability Database

289,689

CVE-2013-1617