CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-10257
https://notcve.org/view.php?id=CVE-2016-10257
10 Jan 2018 — The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256. La consola de gestión de Symantec Advanced Secure Gateway (ASG) 6... • http://www.securityfocus.com/bid/102447 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-6594
https://notcve.org/view.php?id=CVE-2016-6594
08 Jun 2017 — Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning. Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG versiones 6.5 y 6.6 permite a los atacantes remotos evitar las solicitudes bloqueadas, la autenticación del usuario y el escaneo de la carga útil. • http://www.securityfocus.com/bid/91404 • CWE-254: 7PK - Security Features •
CVSS: 8.0EPSS: 1%CPEs: 29EXPL: 0CVE-2016-9097
https://notcve.org/view.php?id=CVE-2016-9097
11 May 2017 — The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges. Las consolas de administración Advanced Secure Gateway (ASG) versiones 6.6 anteriores a 6.6.... • http://www.securityfocus.com/bid/101530 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-9099
https://notcve.org/view.php?id=CVE-2016-9099
11 May 2017 — Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site. Advanced Secure Gateway (ASG) versión 6.6, ASG versiones 6.7 anteriores a 6.7.2.1, ProxySG versiones 6.5 anteriores a 6.5.10.6, ProxySG versión 6.6 y ProxySG versiones 6.7 anteri... • http://www.securityfocus.com/bid/102455 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-9100
https://notcve.org/view.php?id=CVE-2016-9100
11 May 2017 — Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information. Advanced Secure Gateway (ASG) versiones 6.6 anteriores a 6.6.5.13, ASG versiones 6.7 anteri... • http://www.securityfocus.com/bid/102454 • CWE-255: Credentials Management Errors •
CVSS: 9.0EPSS: 36%CPEs: 2EXPL: 3CVE-2016-9091 – Bluecoat ASG 6.6/CAS 1.3 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-9091
03 Apr 2017 — Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges. Blue Coat Advanced Security Gateway (ASG) 6.6 en versiones anteriores a 6.6.5.4 y el Sistema de Análisis de Contenido (CAS) 1.3 en versiones anteriores a 1.3.7.4 son susceptibles a una vulnerabilidad de inyección de comandos de OS. Un... • https://packetstorm.news/files/id/141909 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 1CVE-2015-8597
https://notcve.org/view.php?id=CVE-2015-8597
08 Jan 2016 — Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear text" one in a coaching page, as demonstrated by "http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%." Vulnerabilidad de redirección abierta en Blue Coat ProxySG 6.5 en versiones anteriores a 6.5.8.8 y 6.6 y Advanced Secure Gateway (... • http://knowitsecure.se/2015/12/18/knowit-secure-sakrar-bluecoat •