Vulnerabilites related to bluecoat - content_analysis_system_software
Vulnerability from fkie_nvd
Published
2014-04-30 14:22
Modified
2024-11-21 02:06
Severity ?
Summary
The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bluecoat | content_analysis_system_software | * | |
| bluecoat | content_analysis_system_software | 1.1 | |
| bluecoat | content_analysis_system_software | 1.1.1.1 | |
| bluecoat | content_analysis_system | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bluecoat:content_analysis_system_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66C66E4D-ACDC-4A87-8D5A-9B6FBABE5C05",
"versionEndIncluding": "1.1.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluecoat:content_analysis_system_software:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "372E4BC0-DB27-489F-91E3-8B16B98F667D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluecoat:content_analysis_system_software:1.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF41DCF-B4D9-44EC-872E-21AF59BB1083",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bluecoat:content_analysis_system:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE049E5-2839-42AF-99AE-E11328A2C729",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to \"command injection.\""
},
{
"lang": "es",
"value": "La interfaz commandline en Blue Coat Content Analysis System (CAS) 1.1 anterior a 1.1.4.2 permite a administradores remotos ejecutar comandos arbitrarios a trav\u00e9s de vectores no especificados, relacionado con \"inyecci\u00f3n de comandos.\""
}
],
"id": "CVE-2014-2565",
"lastModified": "2024-11-21T02:06:32.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 2.5,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-30T14:22:06.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA78\u0026actp=LIST"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA78\u0026actp=LIST"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-05 15:59
Modified
2024-11-21 03:00
Severity ?
Summary
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bluecoat | advanced_secure_gateway | * | |
| bluecoat | content_analysis_system_software | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bluecoat:advanced_secure_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C0D9329-D60D-40F9-AE40-B5EDE0B52AB5",
"versionEndIncluding": "6.6.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluecoat:content_analysis_system_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFA49F6-C7C2-4450-9067-E06368A33C85",
"versionEndIncluding": "1.3.7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges."
},
{
"lang": "es",
"value": "Blue Coat Advanced Security Gateway (ASG) 6.6 en versiones anteriores a 6.6.5.4 y el Sistema de An\u00e1lisis de Contenido (CAS) 1.3 en versiones anteriores a 1.3.7.4 son susceptibles a una vulnerabilidad de inyecci\u00f3n de comandos de OS. Un administrador malicioso autenticado puede ejecutar comandos de OS arbitrarios con privilegios de sistema elevados."
}
],
"id": "CVE-2016-9091",
"lastModified": "2024-11-21T03:00:35.027",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-05T15:59:00.170",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97372"
},
{
"source": "secure@symantec.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa138"
},
{
"source": "secure@symantec.com",
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"source": "secure@symantec.com",
"url": "https://www.exploit-db.com/exploits/41786/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/41786/"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2014-2565
Vulnerability from cvelistv5
Published
2014-04-30 14:00
Modified
2024-08-06 10:21
Severity ?
EPSS score ?
Summary
The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection."
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.bluecoat.com/index?page=content&id=SA78&actp=LIST | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:21:34.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA78\u0026actp=LIST"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to \"command injection.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-30T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA78\u0026actp=LIST"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to \"command injection.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.bluecoat.com/index?page=content\u0026id=SA78\u0026actp=LIST",
"refsource": "CONFIRM",
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA78\u0026actp=LIST"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2565",
"datePublished": "2014-04-30T14:00:00",
"dateReserved": "2014-03-20T00:00:00",
"dateUpdated": "2024-08-06T10:21:34.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9091
Vulnerability from cvelistv5
Published
2017-04-05 15:00
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97372 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/41785/ | exploit, x_refsource_EXPLOIT-DB | |
| https://www.exploit-db.com/exploits/41786/ | exploit, x_refsource_EXPLOIT-DB | |
| https://bto.bluecoat.com/security-advisory/sa138 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Symantec Corporation | Blue Coat ASG |
Version: 6.6 prior to 6.6.5.4 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97372",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97372"
},
{
"name": "41785",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"name": "41786",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41786/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa138"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Blue Coat ASG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6 prior to 6.6.5.4"
}
]
},
{
"product": "Blue Coat CAS",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "1.3 prior to 1.3.7.4"
}
]
}
],
"datePublic": "2017-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "97372",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97372"
},
{
"name": "41785",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"name": "41786",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41786/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa138"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-9091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Blue Coat ASG",
"version": {
"version_data": [
{
"version_value": "6.6 prior to 6.6.5.4"
}
]
}
},
{
"product_name": "Blue Coat CAS",
"version": {
"version_data": [
{
"version_value": "1.3 prior to 1.3.7.4"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97372",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97372"
},
{
"name": "41785",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"name": "41786",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41786/"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa138",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa138"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-9091",
"datePublished": "2017-04-05T15:00:00",
"dateReserved": "2016-10-28T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}