CVE-2013-4671

{"id": "CVE-2013-4671", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-08-01T13:32:21.393", "references": [{"url": "http://osvdb.org/95699", "source": "secure@symantec.com"}, {"url": "http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html", "source": "secure@symantec.com"}, {"url": "http://www.securityfocus.com/bid/61102", "source": "secure@symantec.com"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00", "source": "secure@symantec.com"}, {"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt", "source": "secure@symantec.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en consola de gesti\u00f3n de Symantec Web Gateway (SWG) , permite a usuarios autenticados remotamente secuestrar la autenticaci\u00f3n de v\u00edctimas sin especificar a trav\u00e9s de vectores desconocidos."}], "lastModified": "2014-01-17T05:17:47.853", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:web_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B2BB75F-9AB3-4A27-993C-BD2077F4F3A9", "versionEndIncluding": "5.1"}, {"criteria": "cpe:2.3:a:symantec:web_gateway:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F5B7857-75D5-4F77-81BF-7B55F743FD5F"}, {"criteria": "cpe:2.3:a:symantec:web_gateway:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4525DE38-3B1F-490C-A772-BA0456FB6126"}, {"criteria": "cpe:2.3:a:symantec:web_gateway:5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3956706B-44B9-40BC-9AAB-78A9583A2858"}, {"criteria": "cpe:2.3:a:symantec:web_gateway:5.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E5B2ABA-234A-43B1-8D91-33255F85AA26"}, {"criteria": "cpe:2.3:a:symantec:web_gateway:5.0.3.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6286A061-2426-48A5-BCA2-CAB90D3B7406"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:symantec:web_gateway_appliance_8450:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4A72858-FBDC-4587-AC69-0BFA99031F92"}, {"criteria": "cpe:2.3:h:symantec:web_gateway_appliance_8490:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9149CE42-E9F2-4778-8E79-3E1960F813D3"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secure@symantec.com"}