Publication request for Symantec 20171031

2025-06-07 21:47:16 +00:00 · 2017-10-31 14:35:06 -04:00 · 2017-10-31 14:35:06 -04:00 · 050fc852d3
commit 050fc852d3
parent 1c441301a3
1 changed files with 46 additions and 3 deletions
--- a/2016/9xxx/CVE-2016-9097.json
+++ b/2016/9xxx/CVE-2016-9097.json
@ -1,8 +1,32 @@
 {
   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
+      "ASSIGNER" : "secure@symantec.com",
+      "DATE_PUBLIC" : "2017-10-26T00:00:00",
      "ID" : "CVE-2016-9097",
-      "STATE" : "REJECT"
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "Symantec Advanced Secure Gateway (ASG) and ProxySG",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "ASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, ProxySG 6.7 prior to 6.7.1.2"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "Symantec Corporation"
+            }
+         ]
+      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
@ -11,7 +35,26 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
+            "value" : "The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "Improper user authorization"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "url" : "https://www.symantec.com/security-center/network-protection-security-advisories/SA146"
         }
      ]
   }