The Symantec Web Gateway management console is vulnerable to remote command execution, local file inclusion, arbitrary password changes, and SQL injection.
The Symantec SYM12-011 advisory states:
"Symantec's Web Gateway management console is susceptible to multiple security issues that include remote command execution, local file inclusion, arbitrary password change and SQL injection security issues. Successful exploitation could result in unauthorized command execution on or access to the management console and backend database."
A remote unauthenticated attacker may be able to run unauthorized commands and access the backend database.
Apply an Update
Thanks to Offensive Security and Tenable Network Security for reporting these vulnerabilities.
This document was written by Jared Allar.