Advanced Secure Gateway (Asg)
Approved changes feed: RSS · Atom
cpe:2.3:a:symantec_corporation:advanced_secure_gateway_(asg):*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Symantec Corporation (1f133db6-919e-5a9d-990b-7fae5ff12390) |
|---|---|
| Product | Advanced Secure Gateway (Asg) (bd0cb835-11c0-5378-aad9-94a7353d2a3d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-5241 |
vulnerable | 2026-06-03 14:38:57.304932 |
Details available
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG. This vulnerability only affects authentication of network users in intercepted traffic. It does not affect administrator user authentication for the ASG and ProxySG management consoles.
Published: 2018-05-29T13:00:00.000Z
Updated: 2024-09-17T03:28:24.667Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-13678 |
vulnerable | 2026-06-03 14:36:37.940919 |
Details available
Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application.
Published: 2018-04-11T14:00:00.000Z
Updated: 2024-09-16T23:40:33.730Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-13677 |
vulnerable | 2026-06-03 14:36:37.938913 |
Details available
Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes.
Published: 2018-04-11T14:00:00.000Z
Updated: 2024-09-17T02:16:31.679Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-10258 |
vulnerable | 2026-06-03 14:35:23.730265 |
Details available
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.
Published: 2018-04-11T14:00:00.000Z
Updated: 2024-09-17T02:37:23.286Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.