CVE-2010-0115

Name of the Vulnerable Software and Affected Versions Symantec Web Gateway versions prior to 4.5.0.376

Description The issue allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter in the login.php file of the GUI management console. This can lead to remote code execution.

Recommendations For Symantec Web Gateway versions prior to 4.5.0.376, update to version 4.5.0.376 or later to resolve the issue. As a temporary workaround, consider restricting access to the login.php file in the GUI management console to minimize the risk of exploitation. Avoid using the USERNAME parameter in the affected API endpoint until the issue is resolved.