ID

VAR-201904-0236


CVE

CVE-2019-9696


TITLE

Symantec VIP Enterprise Gateway Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-16056 // CNNVD: CNNVD-201904-159

DESCRIPTION

Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. Symantec VIP Enterprise Gateway is an enterprise security gateway product from Symantec Corporation of the United States. A cross-site scripting vulnerability exists in Symantec VIP Enterprise Gateway that stems from the lack of proper validation of client data by web applications. An attacker could exploit the vulnerability to execute client code. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Trust: 2.52

sources: NVD: CVE-2019-9696 // JVNDB: JVNDB-2019-003290 // CNVD: CNVD-2019-16056 // BID: 107692 // VULHUB: VHN-161131

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-16056

AFFECTED PRODUCTS

vendor: symantec, model: vip enterprise gateway, scope: -, version: -

Trust: 1.4

vendor: symantec, model: vip enterprise gateway, scope: lt, version: 9.8.4

Trust: 1.0

vendor: symantec, model: vip enterprise gateway, scope: gte, version: 9.8

Trust: 1.0

vendor: symantec, model: vip enterprise gateway, scope: eq, version: 9.7

Trust: 1.0

vendor: symantec, model: vip enterprise gateway, scope: eq, version: 9.8.4

Trust: 0.3

vendor: symantec, model: vip enterprise gateway, scope: eq, version: 9.7.1

Trust: 0.3

sources: CNVD: CNVD-2019-16056 // BID: 107692 // JVNDB: JVNDB-2019-003290 // NVD: CVE-2019-9696

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9696
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-9696
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-16056
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201904-159
value: MEDIUM

Trust: 0.6

VULHUB: VHN-161131
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-9696
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-16056
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-161131
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-9696
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-16056 // VULHUB: VHN-161131 // JVNDB: JVNDB-2019-003290 // CNNVD: CNNVD-201904-159 // NVD: CVE-2019-9696

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-161131 // JVNDB: JVNDB-2019-003290 // NVD: CVE-2019-9696

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-159

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201904-159

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003290

PATCH

title: SYMSA1477, url: https://support.symantec.com/en_US/article.SYMSA1477.html

Trust: 0.8

title: Patch for SymantecVIPEnterpriseGateway Cross-Site Scripting Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/162495

Trust: 0.6

title: Symantec VIP Enterprise Gateway Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91085

Trust: 0.6

sources: CNVD: CNVD-2019-16056 // JVNDB: JVNDB-2019-003290 // CNNVD: CNNVD-201904-159

EXTERNAL IDS

db: NVD, id: CVE-2019-9696

Trust: 3.4

db: BID, id: 107692

Trust: 2.6

db: JVNDB, id: JVNDB-2019-003290

Trust: 0.8

db: CNNVD, id: CNNVD-201904-159

Trust: 0.7

db: BID, id: 107692107692

Trust: 0.6

db: CNVD, id: CNVD-2019-16056

Trust: 0.6

db: AUSCERT, id: ESB-2019.1134

Trust: 0.6

db: VULHUB, id: VHN-161131

Trust: 0.1

sources: CNVD: CNVD-2019-16056 // VULHUB: VHN-161131 // BID: 107692 // JVNDB: JVNDB-2019-003290 // CNNVD: CNNVD-201904-159 // NVD: CVE-2019-9696

REFERENCES

url:http://www.securityfocus.com/bid/107692

Trust: 2.9

url:https://support.symantec.com/en_us/article.symsa1477.html

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-9696

Trust: 1.4

url:http://www.symantec.com

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9696

Trust: 0.8

url:http://support.symantec.com/content/unifiedweb/en

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78410

Trust: 0.6

sources: CNVD: CNVD-2019-16056 // VULHUB: VHN-161131 // BID: 107692 // JVNDB: JVNDB-2019-003290 // CNNVD: CNNVD-201904-159 // NVD: CVE-2019-9696

CREDITS

Abel Iglesias

Trust: 0.9

sources: BID: 107692 // CNNVD: CNNVD-201904-159

SOURCES

db: CNVD, id: CNVD-2019-16056
db: VULHUB, id: VHN-161131
db: BID, id: 107692
db: JVNDB, id: JVNDB-2019-003290
db: CNNVD, id: CNNVD-201904-159
db: NVD, id: CVE-2019-9696

LAST UPDATE DATE

2024-11-23T22:21:43.886000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-16056, date: 2019-05-30T00:00:00
db: VULHUB, id: VHN-161131, date: 2019-04-10T00:00:00
db: BID, id: 107692, date: 2019-04-03T00:00:00
db: JVNDB, id: JVNDB-2019-003290, date: 2019-05-14T00:00:00
db: CNNVD, id: CNNVD-201904-159, date: 2019-04-19T00:00:00
db: NVD, id: CVE-2019-9696, date: 2024-11-21T04:52:07.590

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-16056, date: 2019-05-30T00:00:00
db: VULHUB, id: VHN-161131, date: 2019-04-09T00:00:00
db: BID, id: 107692, date: 2019-04-03T00:00:00
db: JVNDB, id: JVNDB-2019-003290, date: 2019-05-14T00:00:00
db: CNNVD, id: CNNVD-201904-159, date: 2019-04-04T00:00:00
db: NVD, id: CVE-2019-9696, date: 2019-04-09T21:29:03.897