PT-2017-9951 · Symantec · Symantec Advanced Secure Gateway+1
Publicado
2017-05-11
·
Atualizado
2021-07-08
·
CVE-2016-9097
CVSS v2.0
8.0
Alta
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:C |
Name of the Vulnerable Software and Affected Versions
Symantec Advanced Secure Gateway (ASG) versions 6.6 prior to 6.6.5.8
ProxySG versions 6.5 prior to 6.5.10.6
ProxySG versions 6.6 prior to 6.6.5.8
ProxySG versions 6.7 prior to 6.7.1.2
Description
The management consoles of the affected software do not correctly authorize administrator users under certain circumstances. A malicious administrator with read-only access can exploit this issue to access management console functionality that requires read-write access privileges.
Recommendations
For Symantec Advanced Secure Gateway (ASG) version 6.6, update to version 6.6.5.8 or later.
For ProxySG version 6.5, update to version 6.5.10.6 or later.
For ProxySG version 6.6, update to version 6.6.5.8 or later.
For ProxySG version 6.7, update to version 6.7.1.2 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Proxysg
Symantec Advanced Secure Gateway