ID

VAR-201406-0182


CVE

CVE-2014-1652


TITLE

Symantec Web Gateway contains SQL injection and cross-site scripting vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#719172

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified report parameters. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Symantec Web Gateway (SWG) is a set of network content filtering software developed by Symantec Corporation of the United States. The software provides web content filtering, data loss prevention, and more.

Trust: 2.7

sources: NVD: CVE-2014-1652 // CERT/CC: VU#719172 // JVNDB: JVNDB-2014-002998 // BID: 67755 // VULHUB: VHN-69591

AFFECTED PRODUCTS

vendor: symantec, model: web gateway, scope: eq, version: 5.1

Trust: 1.6

vendor: symantec, model: web gateway, scope: lte, version: 5.1.1

Trust: 1.0

vendor: symantec, model: -, scope: -, version: -

Trust: 0.8

vendor: symantec, model: web gateway, scope: lt, version: 5.2

Trust: 0.8

vendor: symantec, model: web gateway, scope: eq, version: 5.1.1

Trust: 0.6

sources: CERT/CC: VU#719172 // JVNDB: JVNDB-2014-002998 // CNNVD: CNNVD-201406-430 // NVD: CVE-2014-1652

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1652
value: LOW

Trust: 1.0

NVD: CVE-2014-1652
value: LOW

Trust: 0.8

CNNVD: CNNVD-201406-430
value: LOW

Trust: 0.6

VULHUB: VHN-69591
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2014-1652
severity: LOW
baseScore: 2.3
vectorString: AV:A/AC:M/AU:S/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2014-1652
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:P/A:N
accessVector: ADJACENT NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-69591
severity: LOW
baseScore: 2.3
vectorString: AV:A/AC:M/AU:S/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-69591 // JVNDB: JVNDB-2014-002998 // CNNVD: CNNVD-201406-430 // NVD: CVE-2014-1652

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-69591 // JVNDB: JVNDB-2014-002998 // NVD: CVE-2014-1652

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201406-430

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201406-430

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002998

PATCH

title: SYM14-010, url: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00

Trust: 0.8

title: SYM14-010, url: http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140616_00

Trust: 0.8

sources: JVNDB: JVNDB-2014-002998

EXTERNAL IDS

db: NVD, id: CVE-2014-1652

Trust: 2.8

db: CERT/CC, id: VU#719172

Trust: 2.7

db: BID, id: 67755

Trust: 2.0

db: SECTRACK, id: 1030443

Trust: 1.1

db: JVN, id: JVNVU92933933

Trust: 0.8

db: JVNDB, id: JVNDB-2014-002998

Trust: 0.8

db: CNNVD, id: CNNVD-201406-430

Trust: 0.7

db: VULHUB, id: VHN-69591

Trust: 0.1

sources: CERT/CC: VU#719172 // VULHUB: VHN-69591 // BID: 67755 // JVNDB: JVNDB-2014-002998 // CNNVD: CNNVD-201406-430 // NVD: CVE-2014-1652

REFERENCES

url: http://www.kb.cert.org/vuls/id/719172

Trust: 1.9

url: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00

Trust: 1.8

url: http://www.securityfocus.com/bid/67755

Trust: 1.7

url: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00

Trust: 1.6

url: http://www.securitytracker.com/id/1030443

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1652

Trust: 0.8

url: http://jvn.jp/vu/jvnvu92933933/index.html

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1652

Trust: 0.8

url: http://www.symantec.com/business/web-gateway

Trust: 0.3

url: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00

Trust: 0.1

url: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00

Trust: 0.1

sources: CERT/CC: VU#719172 // VULHUB: VHN-69591 // BID: 67755 // JVNDB: JVNDB-2014-002998 // CNNVD: CNNVD-201406-430 // NVD: CVE-2014-1652

CREDITS

Min1214 of INFOSEC Inc

Trust: 0.3

sources: BID: 67755

SOURCES

db: CERT/CC, id: VU#719172
db: VULHUB, id: VHN-69591
db: BID, id: 67755
db: JVNDB, id: JVNDB-2014-002998
db: CNNVD, id: CNNVD-201406-430
db: NVD, id: CVE-2014-1652

LAST UPDATE DATE

2025-04-13T23:22:37.846000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#719172, date: 2014-06-17T00:00:00
db: VULHUB, id: VHN-69591, date: 2017-12-28T00:00:00
db: BID, id: 67755, date: 2014-06-18T00:04:00
db: JVNDB, id: JVNDB-2014-002998, date: 2014-06-23T00:00:00
db: CNNVD, id: CNNVD-201406-430, date: 2014-06-20T00:00:00
db: NVD, id: CVE-2014-1652, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CERT/CC, id: VU#719172, date: 2014-06-17T00:00:00
db: VULHUB, id: VHN-69591, date: 2014-06-18T00:00:00
db: BID, id: 67755, date: 2014-06-16T00:00:00
db: JVNDB, id: JVNDB-2014-002998, date: 2014-06-23T00:00:00
db: CNNVD, id: CNNVD-201406-430, date: 2014-06-20T00:00:00
db: NVD, id: CVE-2014-1652, date: 2014-06-18T19:55:04.623