Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Forefront Unified Access Gateway multiple security vulnerabilities
Published:10.11.2010
Source:
SecurityVulns ID:11249
Type:remote
Threat Level:
5/10
Description:Crossite scripting, form redirection.
Affected:MICROSOFT : Forefront Unified Access Gateway 2010
CVE:CVE-2010-2736
 CVE-2010-2734 (Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability.")
 CVE-2010-2733 (Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability.")
 CVE-2010-2732 (Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability.")
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS10-089 - Important Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074) (10.11.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod