cvelist/2016/9xxx/CVE-2016-9097.json

{
    "CVE_data_meta": {
        "ASSIGNER": "secure@symantec.com",
        "DATE_PUBLIC": "2017-10-30T00:00:00",
        "ID": "CVE-2016-9097",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Symantec Advanced Secure Gateway (ASG) and ProxySG",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "ASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, ProxySG 6.7 prior to 6.7.1.2"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Symantec Corporation"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Improper user authorization"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "101530",
                "refsource": "BID",
                "url": "http://www.securityfocus.com/bid/101530"
            },
            {
                "name": "1039701",
                "refsource": "SECTRACK",
                "url": "http://www.securitytracker.com/id/1039701"
            },
            {
                "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146",
                "refsource": "CONFIRM",
                "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146"
            }
        ]
    }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
"-Synchronized-Data." 2019-03-17 21:58:04 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "secure@symantec.com",`
			`"DATE_PUBLIC": "2017-10-30T00:00:00",`
			`"ID": "CVE-2016-9097",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Symantec Advanced Secure Gateway (ASG) and ProxySG",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "ASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, ProxySG 6.7 prior to 6.7.1.2"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Symantec Corporation"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
Publication request for Symantec 20171031 2017-10-31 14:35:06 -04:00			`{`
"-Synchronized-Data." 2019-03-17 21:58:04 +00:00			`"lang": "eng",`
			`"value": "The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges."`
Publication request for Symantec 20171031 2017-10-31 14:35:06 -04:00			`}`
"-Synchronized-Data." 2019-03-17 21:58:04 +00:00			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Improper user authorization"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "101530",`
			`"refsource": "BID",`
			`"url": "http://www.securityfocus.com/bid/101530"`
			`},`
			`{`
			`"name": "1039701",`
			`"refsource": "SECTRACK",`
			`"url": "http://www.securitytracker.com/id/1039701"`
			`},`
			`{`
			`"name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146",`
			`"refsource": "CONFIRM",`
			`"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146"`
			`}`
			`]`
			`}`
			`}`