Sign-up

ID

VAR-201402-0108


CVE

CVE-2013-5012


TITLE

Symantec Web Gateway In a management console running on the appliance SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-006025

DESCRIPTION

Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Symantec Web Gateway is a Web security gateway hardware appliance. In the version of Symantec Web Gateway 5.1.1, an attacker could exploit this vulnerability to access or modify data due to insufficient filtering of user-supplied data. Symantec Web Gateway (SWG) is a set of network content filtering software developed by Symantec Corporation of the United States. The software provides web content filtering, data loss prevention, and more

Trust: 2.52

sources: NVD: CVE-2013-5012 // JVNDB: JVNDB-2013-006025 // CNVD: CNVD-2014-00732 // BID: 65404 // VULHUB: VHN-65014

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00732

AFFECTED PRODUCTS

vendor:symantecmodel:web gatewayscope:eqversion:5.1.1

Trust: 1.2

vendor:symantecmodel:web gatewayscope:lteversion:5.1.1

Trust: 1.0

vendor:symantecmodel:web gatewayscope:ltversion:5.2

Trust: 0.8

sources: CNVD: CNVD-2014-00732 // JVNDB: JVNDB-2013-006025 // CNNVD: CNNVD-201402-108 // NVD: CVE-2013-5012

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5012
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5012
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-00732
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201402-108
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65014
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5012
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00732
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-65014
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-00732 // VULHUB: VHN-65014 // JVNDB: JVNDB-2013-006025 // CNNVD: CNNVD-201402-108 // NVD: CVE-2013-5012

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-65014 // JVNDB: JVNDB-2013-006025 // NVD: CVE-2013-5012

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-108

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201402-108

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-006025

PATCH
title:SYM14-003url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140210_00
Trust: 0.8
title:SYM14-003url:http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140210_00
Trust: 0.8
title:Symantec Web Gateway has multiple patches for SQL injection vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/43389
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-00732 // 
            
            
            
            JVNDB: JVNDB-2013-006025

EXTERNAL IDS
db:NVDid:CVE-2013-5012
Trust: 3.4
db:BIDid:65404
Trust: 2.6
db:JVNDBid:JVNDB-2013-006025
Trust: 0.8
db:CNNVDid:CNNVD-201402-108
Trust: 0.7
db:CNVDid:CNVD-2014-00732
Trust: 0.6
db:SECUNIAid:56895
Trust: 0.6
db:VULHUBid:VHN-65014
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-00732 // 
            
            
            
            VULHUB: VHN-65014 // 
            
            
            
            BID: 65404 // 
            
            
            
            JVNDB: JVNDB-2013-006025 // 
            
            
            
            CNNVD: CNNVD-201402-108 // 
            
            
            
            NVD: CVE-2013-5012

REFERENCES
url:http://www.securityfocus.com/bid/65404
Trust: 2.3
url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140210_00
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5012
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5012
Trust: 0.8
url:http://secunia.com/advisories/56895
Trust: 0.6
url:http://www.symantec.com/business/web-gateway
Trust: 0.3
url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140210_00
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-00732 // 
            
            
            
            VULHUB: VHN-65014 // 
            
            
            
            BID: 65404 // 
            
            
            
            JVNDB: JVNDB-2013-006025 // 
            
            
            
            CNNVD: CNNVD-201402-108 // 
            
            
            
            NVD: CVE-2013-5012

CREDITS
Shaun Bertrand of Creative Breakthroughs Inc
Trust: 0.3
sources:
            
            
            BID: 65404

SOURCES
db:CNVDid:CNVD-2014-00732
db:VULHUBid:VHN-65014
db:BIDid:65404
db:JVNDBid:JVNDB-2013-006025
db:CNNVDid:CNNVD-201402-108
db:NVDid:CVE-2013-5012

LAST UPDATE DATE
2025-04-11T23:07:14.177000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-00732date:2014-02-20T00:00:00
db:VULHUBid:VHN-65014date:2014-02-11T00:00:00
db:BIDid:65404date:2014-02-10T00:00:00
db:JVNDBid:JVNDB-2013-006025date:2014-02-12T00:00:00
db:CNNVDid:CNNVD-201402-108date:2014-02-13T00:00:00
db:NVDid:CVE-2013-5012date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-00732date:2014-02-12T00:00:00
db:VULHUBid:VHN-65014date:2014-02-11T00:00:00
db:BIDid:65404date:2014-02-10T00:00:00
db:JVNDBid:JVNDB-2013-006025date:2014-02-12T00:00:00
db:CNNVDid:CNNVD-201402-108date:2014-02-13T00:00:00
db:NVDid:CVE-2013-5012date:2014-02-11T02:55:08.587