Vulnerabilities > Bluecoat
| Date | CVE | Vulnerability | Description | Score |
|---|---|---|---|---|
| 2017-06-08 | CVE-2016-6594 | 7PK - Security Features vulnerability in Bluecoat Advanced Secure Gateway, Cacheflow and Proxysg | Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allow remote attackers to bypass blocked requests, user authentication, and payload scanning. | 5.0 |
| 2017-04-11 | CVE-2016-10259 | Resource Management Errors vulnerability in Bluecoat products | Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 18.104.22.168, and 3.11 before 22.214.171.124 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. | 4.3 |
| 2017-04-05 | CVE-2016-9091 | OS Command Injection vulnerability in Bluecoat products | Blue Coat Advanced Secure Gateway (ASG) 6.6 before 126.96.36.199 and Content Analysis System (CAS) 1.3 before 188.8.131.52 are susceptible to an OS command injection vulnerability. | 9.0 |
| 2016-01-08 | CVE-2015-8597 | Open Redirection vulnerability in Bluecoat Advanced Secure Gateway and Proxysg | Open redirect vulnerability in Blue Coat ProxySG 6.5 before 184.108.40.206 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear text" one in a coaching page, as demonstrated by "http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%." [CWE-601: URL Redirection to Untrusted Site ('Open Redirect')](http://cwe.mitre.org/data/definitions/601.html) | 5.8 |
| 2015-12-07 | CVE-2015-8482 | Permissions, Privileges, and Access Controls vulnerability in Bluecoat Unified Agent 4.1.3/4.6.1 | Blue Coat Unified Agent before 4.6.2 does not prevent modification of its configuration files when running in local enforcement mode, which allows local administrators to unblock categories or disable the agent via unspecified vectors. | 2.1 |
| 2015-02-02 | CVE-2015-1454 | Cryptographic Issues vulnerability in Bluecoat Proxyclient and Unified Agent | Blue Coat ProxyClient before 220.127.116.11 and 3.4.x before 18.104.22.168 and Unified Agent before 22.214.171.124952 do not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software updates, via a crafted certificate. | 7.1 |
| 2014-04-30 | CVE-2014-2565 | OS Command Injection vulnerability in Bluecoat products | The command-line interface in Blue Coat Content Analysis System (CAS) 1.1 before 126.96.36.199 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection." | 6.5 |
| 2014-03-02 | CVE-2014-2033 | Permissions, Privileges, and Access Controls vulnerability in Bluecoat Proxysgos | The caching feature in SGOS in Blue Coat ProxySG 5.5 through 188.8.131.52, 6.1 through 184.108.40.206, 6.2 through 220.127.116.11, 6.4 through 18.104.22.168, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification by leveraging knowledge of previously valid credentials. | 7.9 |
| 2013-09-28 | CVE-2013-5959 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Bluecoat Proxysg and Proxysgos | Blue Coat ProxySG before 22.214.171.124, 6.3.x, 6.4.x, and 6.5 before 6.5.2 allows remote attackers to cause a denial of service (memory consumption and dropped connections) via a recursive href in an HTML page, which triggers a large number of HTTP RW pipeline pre-fetch requests. | 7.1 |
| 2012-08-26 | CVE-2010-5189 | Permissions, Privileges, and Access Controls vulnerability in Bluecoat products | Blue Coat ProxySG before SGOS 126.96.36.199, 5.x before SGOS 188.8.131.52, 5.5 before SGOS 184.108.40.206, and 6.x before SGOS 220.127.116.11 allows remote authenticated users to execute arbitrary CLI commands by leveraging read-only administrator privileges and establishing an HTTPS session. | 9.3 |