6 results (0.008 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217 •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the management console with the privileges of an authenticated administrator user. Las consolas de administración Content Analysis (CA) versiones 1.3, 2.x anteriores a 2.2.1.1 y Mail Threat Defense (MTD) versión 1.1 de Symantec, son susceptibles a una vulnerabilidad de tipo cross-site request forging (CSRF). Un atacante remoto puede usar phishing u otras técnicas de ingeniería social para acceder a la consola de administración con los privilegios de un usuario administrador autenticado. • http://www.securityfocus.com/bid/104182 https://www.symantec.com/security-center/network-protection-security-advisories/SA149 • CWE-352: Cross-Site Request Forgery (CSRF) •