Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-7285

CWE-77 Command Injection | 6 documents | 6 sources
Severity: 6.5 MEDIUM
EPSS: 74.0% (top 1.17%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Dec 17
Latest update: May 17

Description

The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 8.0 | Impact: 6.4

Affected Packages (1 package)

🔴 Vulnerability Details (2)

GHSA
GHSA-jrrc-8w3m-x99x: The management console on the Symantec Web Gateway (SWG) appliance before 5 | 2022-05-17
CVEList
CVE-2014-7285: The management console on the Symantec Web Gateway (SWG) appliance before 5 | 2014-12-17

💥 Exploits & PoCs (1)

Exploit-DB
Symantec Web Gateway 5 - 'restore.php' (Authenticated) Command Injection (Metasploit) | 2015-03-04

📋 Vendor Advisories (1)

Jenkins
Jenkins Security Advisory 2014-02-14 | 2014-02-14

💬 Community (1)

Bugzilla
CVE-2013-7285 XStream: remote code execution due to insecure XML deserialization | 2014-01-10