CVE-2013-4671 : Cross-site request forgery (CSRF) vulnerability in the management console on the

Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Published 2013-08-01 13:32:21

Updated 2025-04-11 00:51:22

Source Symantec Corporation

View at NVD, CVE.org

Vulnerability category: Cross-site request forgery (CSRF)

Products affected by CVE-2013-4671

Symantec » Web Gateway
Versions up to, including, (<=) 5.1
cpe:2.3:a:symantec:web_gateway:*:*:*:*:*:*:*:*
Matching versions
Symantec » Web Gateway » Version: 5.0
cpe:2.3:a:symantec:web_gateway:5.0:*:*:*:*:*:*:*
Matching versions
Symantec » Web Gateway » Version: 5.0.1
cpe:2.3:a:symantec:web_gateway:5.0.1:*:*:*:*:*:*:*
Matching versions
Symantec » Web Gateway » Version: 5.0.2
cpe:2.3:a:symantec:web_gateway:5.0.2:*:*:*:*:*:*:*
Matching versions
Symantec » Web Gateway » Version: 5.0.3
cpe:2.3:a:symantec:web_gateway:5.0.3:*:*:*:*:*:*:*
Matching versions
Symantec » Web Gateway » Version: 5.0.3.18
cpe:2.3:a:symantec:web_gateway:5.0.3.18:*:*:*:*:*:*:*
Matching versions
Symantec » Web Gateway Appliance 8450 » Version: N/A
cpe:2.3:h:symantec:web_gateway_appliance_8450:-:*:*:*:*:*:*:*
Matching versions
Symantec » Web Gateway Appliance 8490 » Version: N/A
cpe:2.3:h:symantec:web_gateway_appliance_8490:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-4671

EPSS FAQ

0.59%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 67 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-4671

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.0	MEDIUM	AV:N/AC:M/Au:S/C:P/I:P/A:P	6.8	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2013-4671

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-4671

http://www.securityfocus.com/bid/61102

Symantec Web Gateway CVE-2013-4671 Cross Site Request Forgery Vulnerability
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00

Symantec Web Gateway Security Issues

CVEs referencing this url
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt

CVEs referencing this url
http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html

Symantec Web Gateway XSS / CSRF / SQL Injection / Command Injection ≈ Packet Storm

CVEs referencing this url
http://osvdb.org/95699

Jump to

Vulnerability Details : CVE-2013-4671

Products affected by CVE-2013-4671

Exploit prediction scoring system (EPSS) score for CVE-2013-4671

CVSS scores for CVE-2013-4671

CWE ids for CVE-2013-4671

References for CVE-2013-4671