Vulnerability Note VU#274244
Blue Coat Malware Analysis appliance contains a cross-site scripting (XSS) vulnerability and information disclosure
The Blue Coat Malware Analysis appliance is vulnerable to cross-site scripting (XSS) and information disclosure.
The Blue Coat Malware Analysis appliance is a sandboxed appliance that scans for threats in files and downloads on the network.
A cross-site scripting vulnerability exists in search.php of the appliance. This vulnerability has been assigned CVE-2015-0937.
The cross-site scripting vulnerability may allow compromise of user credentials. The information disclosure vulnerability may allow private file data to be obtained by unauthorized users.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Blue Coat Systems||Affected||02 Feb 2015||07 Apr 2015|
CVSS Metrics (Learn More)
This document was written by Garret Wassermann.
- CVE IDs: CVE-2015-0937 CVE-2015-0938
- Date Public: 14 Apr 2015
- Date First Published: 14 Apr 2015
- Date Last Updated: 17 Apr 2015
- Document Revision: 27
If you have feedback, comments, or additional information about this vulnerability, please send us email.