CVE-2015-2850

Name of the Vulnerable Software and Affected Versions ANTlabs InnGate firmware versions on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices

Description The issue is related to a cross-site scripting (XSS) vulnerability. This allows remote attackers to inject arbitrary web script or HTML via the msg parameter in the index-login.ant file.

Recommendations For all affected versions, consider restricting access to the index-login.ant file until a patch is available. As a temporary workaround, avoid using the msg parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.