8.3
CVE-2013-1616
- EPSS 19.28%
- Published 01.08.2013 13:32:21
- Last modified 11.04.2025 00:51:21
- Source secure@symantec.com
- Teams watchlist Login
- Open Login
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.
Data is provided by the National Vulnerability Database (NVD)
Symantec ≫ Web Gateway Version <= 5.1
Symantec ≫ Web Gateway Version5.0
Symantec ≫ Web Gateway Version5.0.1
Symantec ≫ Web Gateway Version5.0.2
Symantec ≫ Web Gateway Version5.0.3
Symantec ≫ Web Gateway Version5.0.3.18
Symantec ≫ Web Gateway Appliance 8450 Version-
Symantec ≫ Web Gateway Appliance 8490 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 19.28% | 0.948 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.3 | 6.5 | 10 |
AV:A/AC:L/Au:N/C:C/I:C/A:C
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.