Vulnerabilities > Bluecoat

DATE CVE VULNERABILITY TITLE RISK
2017-06-08 CVE-2016-6594 7PK - Security Features vulnerability in Bluecoat Advanced Secure Gateway, Cacheflow and Proxysg
Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, and ProxySG 6.5 and 6.6 allow remote attackers to bypass blocked requests, user authentication, and payload scanning.
network
low complexity
bluecoat CWE-254
5.0
2017-04-11 CVE-2016-10259 Resource Management Errors vulnerability in Bluecoat products
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections.
network
bluecoat CWE-399
4.3
2017-04-05 CVE-2016-9091 OS Command Injection vulnerability in Bluecoat products
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability.
network
low complexity
bluecoat CWE-78
critical
9.0
2016-01-08 CVE-2015-8597 Open Redirection vulnerability in Bluecoat Advanced Secure Gateway and Proxysg
Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear text" one in a coaching page, as demonstrated by "http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%." CWE-601: URL Redirection to Untrusted Site ('Open Redirect') (http://cwe.mitre.org/data/definitions/601.html)
network
bluecoat
5.8
2015-12-07 CVE-2015-8482 Permissions, Privileges, and Access Controls vulnerability in Bluecoat Unified Agent 4.1.3/4.6.1
Blue Coat Unified Agent before 4.6.2 does not prevent modification of its configuration files when running in local enforcement mode, which allows local administrators to unblock categories or disable the agent via unspecified vectors.
local
low complexity
bluecoat CWE-264
2.1
2015-02-02 CVE-2015-1454 Cryptographic Issues vulnerability in Bluecoat Proxyclient and Unified Agent
Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 do not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software updates, via a crafted certificate.
network
bluecoat CWE-310
7.1
2014-04-30 CVE-2014-2565 OS Command Injection vulnerability in Bluecoat products
The command-line interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection."
high complexity
bluecoat CWE-78
6.5
2014-03-02 CVE-2014-2033 Permissions, Privileges, and Access Controls vulnerability in Bluecoat Proxysgos
The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification by leveraging knowledge of previously valid credentials.
7.9
2013-09-28 CVE-2013-5959 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Bluecoat Proxysg and Proxysgos
Blue Coat ProxySG before 6.2.14.1, 6.3.x, 6.4.x, and 6.5 before 6.5.2 allows remote attackers to cause a denial of service (memory consumption and dropped connections) via a recursive href in an HTML page, which triggers a large number of HTTP RW pipeline pre-fetch requests.
network
bluecoat CWE-119
7.1
2012-08-26 CVE-2010-5189 Permissions, Privileges, and Access Controls vulnerability in Bluecoat products
Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote authenticated users to execute arbitrary CLI commands by leveraging read-only administrator privileges and establishing an HTTPS session.
network
bluecoat CWE-264
critical
9.3