
CVE-2021-30648
https://notcve.org/view.php?id=CVE-2021-30648
30 Jun 2021 — The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance. • https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331 • CWE-287: Improper Authentication •

CVE-2019-18375
https://notcve.org/view.php?id=CVE-2019-18375
09 Apr 2020 — The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console. • https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1752 •

CVE-2018-18371
https://notcve.org/view.php?id=CVE-2018-18371
29 Aug 2019 — The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. • https://support.symantec.com/us/en/article.SYMSA1472.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2018-18370
https://notcve.org/view.php?id=CVE-2018-18370
29 Aug 2019 — The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior t... • https://support.symantec.com/us/en/article.SYMSA1472.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2017-13678
https://notcve.org/view.php?id=CVE-2017-13678
11 Apr 2018 — Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application. • http://www.securityfocus.com/bid/103685 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •