CVE-2012-0297

Published: May 21, 2012Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.

Affected (3)

Products: Symantec: Web Gateway

Symantec

1 product

Web Gateway

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Symantec Web Gateway	Version 5.0.1
Symantec Web Gateway	Version 5.0.2
Symantec Web Gateway	Version 5.0

Related CWEs

CWE-264

References (6)

http://www.securityfocus.com/bid/53444

Source: cve@mitre.org

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/75731

Source: cve@mitre.org

http://www.securityfocus.com/bid/53444

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/75731

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.