Vulnerability Details CVE-2016-9099
Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.8%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 5.8
References
- http://www.securityfocus.com/bid/102455
- http://www.securitytracker.com/id/1040138
- https://www.symantec.com/security-center/network-protection-security-advisories/SA155
- http://www.securityfocus.com/bid/102455
- http://www.securitytracker.com/id/1040138
- https://www.symantec.com/security-center/network-protection-security-advisories/SA155
Products affected by CVE-2016-9099
-
cpe:2.3:a:broadcom:advanced_secure_gateway:6.6
-
cpe:2.3:a:broadcom:advanced_secure_gateway:6.7
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.1
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.10.4
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.2
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.2.10
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.4.1
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.5.7
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.6.1
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.7.6
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.10
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.14
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.2
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.8
-
cpe:2.3:a:broadcom:symantec_proxysg:6.6
-
cpe:2.3:a:broadcom:symantec_proxysg:6.7
-
cpe:2.3:a:broadcom:symantec_proxysg:6.7.1.1