Every CVE whose affected-product data names Symantec Web Gateway, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (35)
CVE-2012-2976 — CVSS 10.0 (critical): The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via…
CVE-2012-0299 — CVSS 10.0 (critical): The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary…
CVE-2012-2953 — CVSS 10.0 (critical): The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted…
CVE-2012-0297 — CVSS 10.0 (critical): The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote…
CVE-2013-5017 — CVSS 9.8 (critical): SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands…
CVE-2016-5313 — CVSS 8.8 (high): Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands.
CVE-2015-5690 — CVSS 8.5 (high): The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users…
CVE-2013-1616 — CVSS 8.3 (high): The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by…
CVE-2015-6547 — CVSS 8.3 (high): The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users…
CVE-2015-5692 — CVSS 7.9 (high): admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows…
CVE-2015-5693 — CVSS 7.9 (high): The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users…
CVE-2010-0115 — CVSS 7.5 (high): SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers…
CVE-2011-0549 — CVSS 7.5 (high): SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute arbitrary…
CVE-2012-2574 — CVSS 7.5 (high): SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute…
CVE-2012-2961 — CVSS 7.5 (high): SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute…
CVE-2012-4178 — CVSS 7.5 (high): SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute…
CVE-2013-1617 — CVSS 7.4 (high): Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote…
CVE-2013-4672 — CVSS 7.2 (high): The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 has an incorrect sudoers file, which allows local users to…
CVE-2012-2957 — CVSS 7.2 (high): The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a…
CVE-2014-7285 — CVSS 6.5 (medium): The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS…
CVE-2013-5012 — CVSS 6.5 (medium): Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote…
CVE-2012-0298 — CVSS 6.4 (medium): The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or (2)…
CVE-2013-4671 — CVSS 6.0 (medium): Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows…
CVE-2013-4673 — CVSS 5.8 (medium): The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly implement RADIUS authentication, which…
CVE-2014-1651 — CVSS 5.8 (medium): SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers…
CVE-2015-6548 — CVSS 5.8 (medium): Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software…
CVE-2016-5310 — CVSS 5.5 (medium): The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email…
CVE-2016-5309 — CVSS 5.5 (medium): The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email…
CVE-2014-1650 — CVSS 5.2 (medium): SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote authenticated…
CVE-2012-2977 — CVSS 5.0 (medium): The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted…
CVE-2012-0296 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers…
CVE-2013-4670 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1…
CVE-2015-5691 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with…
CVE-2013-5013 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow…
CVE-2014-1652 — CVSS 2.3 (low): Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote…