U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:symantec:web_gateway:5.2.1
There are 8 matching records.
Displaying matches 1 through 8.
Vuln ID Summary CVSS Severity
CVE-2016-5313

Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands.

Published: April 12, 2017; 6:59:00 PM -0400 		V3.0: 8.8 HIGH
 V2.0: 9.0 HIGH
CVE-2015-6548

Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Published: September 20, 2015; 4:59:10 PM -0400 		V3.x:(not available)
 V2.0: 5.8 MEDIUM
CVE-2015-6547

The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors.

Published: September 20, 2015; 4:59:09 PM -0400 		V3.x:(not available)
 V2.0: 8.3 HIGH
CVE-2015-5693

The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to "traffic capture."

Published: September 20, 2015; 4:59:08 PM -0400 		V3.x:(not available)
 V2.0: 7.9 HIGH
CVE-2015-5692

admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to make this a setuid-root file.

Published: September 20, 2015; 4:59:07 PM -0400 		V3.x:(not available)
 V2.0: 7.9 HIGH
CVE-2015-5691

Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated an attack against admin_messages.php.

Published: September 20, 2015; 4:59:06 PM -0400 		V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2015-5690

The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging a "redirect."

Published: September 20, 2015; 4:59:05 PM -0400 		V3.x:(not available)
 V2.0: 8.5 HIGH
CVE-2014-7285

The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

Published: December 17, 2014; 11:59:00 AM -0500 		V3.x:(not available)
 V2.0: 6.5 MEDIUM