var-201801-0019
Vulnerability from variot
The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256. This vulnerability CVE-2016-10256 Is a different vulnerability.Information may be obtained and information may be altered. Symantec AdvancedSecureGateway (ASG) and ProxySG are security gateway devices from Symantec Corporation of the United States. Managementconsole is one of the management consoles. Symantec ProxySG and ASG are prone to a cross-site-scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0019",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "proxysg",
"scope": "eq",
"trust": 2.0,
"vendor": "symantec",
"version": "6.6"
},
{
"model": "advanced secure gateway",
"scope": "eq",
"trust": 2.0,
"vendor": "symantec",
"version": "6.6"
},
{
"model": "symantec proxysg",
"scope": "gte",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.5"
},
{
"model": "symantec proxysg",
"scope": "gte",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.7"
},
{
"model": "symantec proxysg",
"scope": "lt",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.7.2.1"
},
{
"model": "advanced secure gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.7"
},
{
"model": "advanced secure gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.6"
},
{
"model": "symantec proxysg",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.6"
},
{
"model": "symantec proxysg",
"scope": "lt",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.5.10.6"
},
{
"model": "advanced secure gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.7.2.1"
},
{
"model": "proxysg",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "6.7.2.1"
},
{
"model": "proxysg",
"scope": "lt",
"trust": 0.8,
"vendor": "symantec",
"version": "6.5"
},
{
"model": "advanced secure gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "symantec",
"version": "6.7"
},
{
"model": "proxysg",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "6.5.10.6"
},
{
"model": "advanced secure gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "6.7.2.1"
},
{
"model": "proxysg",
"scope": "lt",
"trust": 0.8,
"vendor": "symantec",
"version": "6.7"
},
{
"model": "advanced secure gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "symantec",
"version": "6.7\u003c6.7.2.1"
},
{
"model": "proxysg",
"scope": "eq",
"trust": 0.6,
"vendor": "symantec",
"version": "6.5\u003c6.5.10.6"
},
{
"model": "proxysg",
"scope": "eq",
"trust": 0.6,
"vendor": "symantec",
"version": "6.7\u003c6.7.2.1"
},
{
"model": "proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.7"
},
{
"model": "proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.6"
},
{
"model": "proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.5"
},
{
"model": "advanced secure gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.7"
},
{
"model": "advanced secure gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.6"
},
{
"model": "proxysg",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "6.7.2.1"
},
{
"model": "proxysg",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "6.5.10.6"
},
{
"model": "advanced secure gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "6.7.2.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04070"
},
{
"db": "BID",
"id": "102447"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001362"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1031"
},
{
"db": "NVD",
"id": "CVE-2016-10257"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:symantec:advanced_secure_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:symantec:proxysg",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001362"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jakub Palaczynski and Pawel Bartunek.",
"sources": [
{
"db": "BID",
"id": "102447"
}
],
"trust": 0.3
},
"cve": "CVE-2016-10257",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-10257",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-04070",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-89015",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2016-10257",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-10257",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-10257",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-04070",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1031",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-89015",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04070"
},
{
"db": "VULHUB",
"id": "VHN-89015"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001362"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1031"
},
{
"db": "NVD",
"id": "CVE-2016-10257"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256. This vulnerability CVE-2016-10256 Is a different vulnerability.Information may be obtained and information may be altered. Symantec AdvancedSecureGateway (ASG) and ProxySG are security gateway devices from Symantec Corporation of the United States. Managementconsole is one of the management consoles. Symantec ProxySG and ASG are prone to a cross-site-scripting vulnerability because it fails to sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10257"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001362"
},
{
"db": "CNVD",
"id": "CNVD-2018-04070"
},
{
"db": "BID",
"id": "102447"
},
{
"db": "VULHUB",
"id": "VHN-89015"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10257",
"trust": 3.4
},
{
"db": "BID",
"id": "102447",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1040138",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001362",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1031",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-04070",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-89015",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04070"
},
{
"db": "VULHUB",
"id": "VHN-89015"
},
{
"db": "BID",
"id": "102447"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001362"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1031"
},
{
"db": "NVD",
"id": "CVE-2016-10257"
}
]
},
"id": "VAR-201801-0019",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04070"
},
{
"db": "VULHUB",
"id": "VHN-89015"
}
],
"trust": 1.2780618366666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04070"
}
]
},
"last_update_date": "2024-11-23T21:53:31.272000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SA155",
"trust": 0.8,
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA155"
},
{
"title": "Patch for Symantec ASG and ProxySG Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/119469"
},
{
"title": "Symantec Advanced Secure Gateway and ProxySG Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155175"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04070"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001362"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1031"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89015"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001362"
},
{
"db": "NVD",
"id": "CVE-2016-10257"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa155"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/102447"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1040138"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10257"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10257"
},
{
"trust": 0.3,
"url": "http://www.symantec.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04070"
},
{
"db": "VULHUB",
"id": "VHN-89015"
},
{
"db": "BID",
"id": "102447"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001362"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1031"
},
{
"db": "NVD",
"id": "CVE-2016-10257"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-04070"
},
{
"db": "VULHUB",
"id": "VHN-89015"
},
{
"db": "BID",
"id": "102447"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001362"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1031"
},
{
"db": "NVD",
"id": "CVE-2016-10257"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04070"
},
{
"date": "2018-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-89015"
},
{
"date": "2018-01-09T00:00:00",
"db": "BID",
"id": "102447"
},
{
"date": "2018-02-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001362"
},
{
"date": "2017-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1031"
},
{
"date": "2018-01-10T02:29:31.880000",
"db": "NVD",
"id": "CVE-2016-10257"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04070"
},
{
"date": "2021-07-08T00:00:00",
"db": "VULHUB",
"id": "VHN-89015"
},
{
"date": "2018-01-09T00:00:00",
"db": "BID",
"id": "102447"
},
{
"date": "2018-02-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001362"
},
{
"date": "2021-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1031"
},
{
"date": "2024-11-21T02:43:40.397000",
"db": "NVD",
"id": "CVE-2016-10257"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1031"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Symantec Advanced Secure Gateway and ProxySG Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001362"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1031"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.