CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-46825

Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 60.2%

CVSS Severity

CVSS v3 Score 9.1

CVSS v2 Score 6.4

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20638
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20638

Products affected by CVE-2021-46825

Broadcom » Advanced Secure Gateway » Version: 6.7

cpe:2.3:a:broadcom:advanced_secure_gateway:6.7
Broadcom » Advanced Secure Gateway » Version: 7.3

cpe:2.3:a:broadcom:advanced_secure_gateway:7.3
Broadcom » Proxysg » Version: 6.7

cpe:2.3:a:broadcom:proxysg:6.7
Broadcom » Proxysg » Version: 7.3

cpe:2.3:a:broadcom:proxysg:7.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-46825

Products

Pricing

Contact Us