ID

VAR-201406-0180


CVE

CVE-2014-1650


TITLE

SQL injection vulnerability in user.php in the Symantec Web Gateway management console

Trust: 0.8

sources: JVNDB: JVNDB-2014-002996

DESCRIPTION

SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Versions prior to Symantec Web Gateway 5.2.1 are vulnerable. Symantec Web Gateway (SWG) is network content filtering software developed by Symantec Corporation of the United States. The software provides web content filtering, data loss prevention, and more.

Trust: 2.07

sources: NVD: CVE-2014-1650 // JVNDB: JVNDB-2014-002996 // BID: 67753 // VULHUB: VHN-69589 // VULMON: CVE-2014-1650

AFFECTED PRODUCTS

vendor: symantec, model: web gateway, scope: lte, version: 5.2

Trust: 1.0

vendor: symantec, model: web gateway, scope: lt, version: 5.2.1

Trust: 0.8

vendor: symantec, model: web gateway, scope: eq, version: 5.2

Trust: 0.6

sources: JVNDB: JVNDB-2014-002996 // CNNVD: CNNVD-201406-428 // NVD: CVE-2014-1650

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1650
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-1650
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201406-428
value: MEDIUM

Trust: 0.6

VULHUB: VHN-69589
value: MEDIUM

Trust: 0.1

VULMON: CVE-2014-1650
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-1650
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-69589
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-69589 // VULMON: CVE-2014-1650 // JVNDB: JVNDB-2014-002996 // CNNVD: CNNVD-201406-428 // NVD: CVE-2014-1650

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.9

sources: VULHUB: VHN-69589 // JVNDB: JVNDB-2014-002996 // NVD: CVE-2014-1650

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201406-428

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201406-428

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002996

PATCH

title: SYM14-010, url: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00

Trust: 0.8

title: SYM14-010, url: http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140616_00

Trust: 0.8

title: Symantec Security Advisories: Symantec Web Gateway Security Issues, url: https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=ae93a6e062f640e967dde2cfc2888367

Trust: 0.1

sources: VULMON: CVE-2014-1650 // JVNDB: JVNDB-2014-002996

EXTERNAL IDS

db: NVD, id: CVE-2014-1650

Trust: 2.9

db: BID, id: 67753

Trust: 2.1

db: SECTRACK, id: 1030443

Trust: 1.2

db: JVNDB, id: JVNDB-2014-002996

Trust: 0.8

db: CNNVD, id: CNNVD-201406-428

Trust: 0.7

db: VULHUB, id: VHN-69589

Trust: 0.1

db: VULMON, id: CVE-2014-1650

Trust: 0.1

sources: VULHUB: VHN-69589 // VULMON: CVE-2014-1650 // BID: 67753 // JVNDB: JVNDB-2014-002996 // CNNVD: CNNVD-201406-428 // NVD: CVE-2014-1650

REFERENCES

url:http://www.securityfocus.com/bid/67753

Trust: 1.9

url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00

Trust: 1.7

url:http://www.securitytracker.com/id/1030443

Trust: 1.2

url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1650

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1650

Trust: 0.8

url:http://www.symantec.com

Trust: 0.3

url:http://www.symantec.com/business/web-gateway

Trust: 0.3

url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140616_00

Trust: 0.3

url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00

Trust: 0.1

url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/89.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://support.symantec.com/en_us/article.symsa1297.html

Trust: 0.1

sources: VULHUB: VHN-69589 // VULMON: CVE-2014-1650 // BID: 67753 // JVNDB: JVNDB-2014-002996 // CNNVD: CNNVD-201406-428 // NVD: CVE-2014-1650

CREDITS

Brandon Perry working through HP Zero Day Initiative (ZDI)

Trust: 0.3

sources: BID: 67753

SOURCES

db: VULHUB, id: VHN-69589
db: VULMON, id: CVE-2014-1650
db: BID, id: 67753
db: JVNDB, id: JVNDB-2014-002996
db: CNNVD, id: CNNVD-201406-428
db: NVD, id: CVE-2014-1650

LAST UPDATE DATE

2025-04-13T23:22:37.946000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-69589, date: 2017-12-28T00:00:00
db: VULMON, id: CVE-2014-1650, date: 2017-12-28T00:00:00
db: BID, id: 67753, date: 2014-06-16T00:00:00
db: JVNDB, id: JVNDB-2014-002996, date: 2014-06-23T00:00:00
db: CNNVD, id: CNNVD-201406-428, date: 2014-06-20T00:00:00
db: NVD, id: CVE-2014-1650, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-69589, date: 2014-06-18T00:00:00
db: VULMON, id: CVE-2014-1650, date: 2014-06-18T00:00:00
db: BID, id: 67753, date: 2014-06-16T00:00:00
db: JVNDB, id: JVNDB-2014-002996, date: 2014-06-23T00:00:00
db: CNNVD, id: CNNVD-201406-428, date: 2014-06-20T00:00:00
db: NVD, id: CVE-2014-1650, date: 2014-06-18T19:55:04.497