Vulnerability Name: | CVE-2010-0115 (CCN-64658) | ||||||||
Assigned: | 2009-12-31 | ||||||||
Published: | 2011-01-12 | ||||||||
Updated: | 2017-08-17 | ||||||||
Summary: | SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter. | ||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
6.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-89 | ||||||||
Vulnerability Consequences: | Data Manipulation | ||||||||
References: | Source: MITRE Type: CNA CVE-2010-0115 Source: OSVDB Type: UNKNOWN 70415 Source: CCN Type: SA42878 Symantec Web Gateway Management Interface USERNAME SQL Injection Source: SECUNIA Type: Vendor Advisory 42878 Source: CCN Type: SECTRACK ID: 1024958 Symantec Web Gateway Input Validation Flaw Lets Remote Users Inject SQL Commands Source: CCN Type: OSVDB ID: 70415 Symantec Web Gateway login.php USERNAME Parameter SQL Injection Source: BID Type: UNKNOWN 45742 Source: CCN Type: BID-45742 Symantec Web Gateway Management GUI SQL Injection Vulnerability Source: SECTRACK Type: UNKNOWN 1024958 Source: CCN Type: SYM11-001 Symantec Web Gateway Blind SQL Injection Source: CONFIRM Type: UNKNOWN http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110112_00 Source: VUPEN Type: Vendor Advisory ADV-2011-0088 Source: MISC Type: UNKNOWN http://www.zerodayinitiative.com/advisories/ZDI-11-013/ Source: XF Type: UNKNOWN symantec-web-username-sql-injection(64658) Source: XF Type: UNKNOWN symantec-web-username-sql-injection(64658) Source: CCN Type: ZDI-11-013 Symantec Web Gateway Management Interface USERNAME Blind SQL Injection Remote Code Execution Vulnerability | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |