Vulnerability CVE-2009-0063

Vulnerability Name:

CVE-2009-0063 (CCN-50074)

Assigned:

2009-04-23

Published:

2009-04-23

Updated:

2017-08-08

Summary:

Cross-site scripting (XSS) vulnerability in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-79

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2009-0063

Source: OSVDB
Type: UNKNOWN
53944

Source: CCN
Type: SA34885
Symantec Brightmail Gateway Control Center Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
34885

Source: CCN
Type: SECTRACK ID: 1022116
Symantec Brightmail Input Validation Flaw in Brightmail Control Center Permits Cross-Site Scripting Attacks

Source: SECTRACK
Type: Patch
1022116

Source: CCN
Type: OSVDB ID: 53944
Symantec Brightmail Gateway Control Center Unspecified XSS

Source: BID
Type: UNKNOWN
34641

Source: CCN
Type: BID-34641
Symantec Brightmail Gateway Control Center Cross Site Scripting Vulnerability

Source: CCN
Type: SYM09-005
Symantec Brightmail Gateway Appliance Cross-site Scripting and Elevation of Privilege

Source: CONFIRM
Type: UNKNOWN
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2009-1155

Source: XF
Type: UNKNOWN
brightmail-controlcenter-xss(50074)

Source: XF
Type: UNKNOWN
brightmail-controlcenter-xss(50074)

Vulnerable Configuration:

Configuration 1:

cpe:/h:symantec:brightmail_gateway_appliance:7.5:*:*:*:*:*:*:*

OR cpe:/h:symantec:brightmail_gateway_appliance:7.6:*:*:*:*:*:*:*

OR cpe:/h:symantec:brightmail_gateway_appliance:7.7:*:*:*:*:*:*:*

OR cpe:/h:symantec:brightmail_gateway_appliance:*:*:*:*:*:*:*:* (Version <= 8.0)

Configuration CCN 1:

cpe:/a:symantec:brightmail_gateway:8.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK