PT-2017-9953 · Symantec · Symantec Advanced Secure Gateway+1
Published
2017-05-11
·
Updated
2021-07-08
·
CVE-2016-9099
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Symantec Advanced Secure Gateway (ASG) versions 6.6 through 6.7 prior to 6.7.2.1
ProxySG versions 6.5 prior to 6.5.10.6
ProxySG version 6.6
ProxySG versions 6.7 prior to 6.7.2.1
Description
The issue allows a remote attacker to use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site. This is achieved through an open redirection vulnerability.
Recommendations
For Symantec Advanced Secure Gateway (ASG) versions 6.6 through 6.7 prior to 6.7.2.1, update to version 6.7.2.1 or later.
For ProxySG versions 6.5 prior to 6.5.10.6, update to version 6.5.10.6 or later.
For ProxySG version 6.6, update to version 6.7.2.1 or later.
For ProxySG versions 6.7 prior to 6.7.2.1, update to version 6.7.2.1 or later.
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Proxysg
Symantec Advanced Secure Gateway