Arbitrary Command Execution via Redirect in Symantec Web Gateway Management Console

Arbitrary Command Execution via Redirect in Symantec Web Gateway Management Console

CVE-2015-5690 · HIGH Severity

AV:N/AC:M/AU:S/C:C/I:C/A:C

The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging a "redirect."

Learn more about our Web App Pen Testing.