Security vulnerability fixes for Symantec VIP Enterprise Gateway
book
Article ID: 164555
calendar_today
Updated On: 10-05-2023
Products
VIP Service
Issue/Introduction
Learn about the security vulnerability fixes for VIP Enterprise Gateway (VIP EG).
Also see the VIP documentation page.
Resolution
VIP Enterprise Gateway 9.10.2
Vulnerabilities
- Cross SITE SCRIPTING (URL sanitation check)
- Using component with known (Jetty server upgrade)
- Cross Site Request Forgery (also named as 'Replay attack') The password can be captured from this vulnerability.
Solution:
Planned in VIP EG 9.11 release.
Attachments
blacklistedProtocols.properties
get_app
Feedback
Was this article helpful?
thumb_up
Yes
thumb_down
No