CyberSec.Space Logo
Back to CVE Browser

CVE-2012-0297

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1380%
EPSS Percentile1.88th
PublishedMay 21, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.

Affected Platforms (CPE)

πŸ“¦
Symantec

Web Gateway

= 5.0
πŸ“¦
Symantec

Web Gateway

= 5.0.1
πŸ“¦
Symantec

Web Gateway

= 5.0.2

References & Advisories

πŸ”— http://www.securityfocus.com/bid/53444
πŸ”— http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/75731
πŸ”— http://www.securityfocus.com/bid/53444
πŸ”— http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/75731

Related Vulnerabilities

CVE-2018-1246410.0

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows a...

CVE-2020-202110.0

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option i...

CVE-2018-666710.0

Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remo...

CVE-2010-473310.0

WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom N...