The Blue Coat Malware Analysis appliance is vulnerable to cross-site scripting (XSS) and information disclosure.
The Blue Coat Malware Analysis appliance is a sandboxed appliance that scans for threats in files and downloads on the network.
A cross-site scripting vulnerability exists in search.php of the appliance. This vulnerability has been assigned CVE-2015-0937.
The cross-site scripting vulnerability may allow compromise of user credentials. The information disclosure vulnerability may allow private file data to be obtained by unauthorized users.
This document was written by Garret Wassermann.