CVE-2009-1432

Опубликовано: 30 апр. 2009

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled.

Ссылки

http://secunia.com/advisories/34856
Third Party Advisory
http://secunia.com/advisories/34935
Third Party Advisory
http://securitytracker.com/id?1022136
Third Party Advisory
VDB Entry
http://securitytracker.com/id?1022137
Third Party Advisory
VDB Entry
http://securitytracker.com/id?1022138
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/34668
Third Party Advisory
VDB Entry
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1202
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1204
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/50172
Third Party Advisory
VDB Entry
http://secunia.com/advisories/34856
Third Party Advisory
http://secunia.com/advisories/34935
Third Party Advisory
http://securitytracker.com/id?1022136
Third Party Advisory
VDB Entry
http://securitytracker.com/id?1022137
Third Party Advisory
VDB Entry
http://securitytracker.com/id?1022138
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/34668
Third Party Advisory
VDB Entry
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1202
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1204
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/50172
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:symantec:antivirus:10.1:-:*:*:corporate:*:*:*

cpe:2.3:a:symantec:antivirus:10.1:maintenance_release7:*:*:corporate:*:*:*

cpe:2.3:a:symantec:antivirus:10.2:-:*:*:corporate:*:*:*

cpe:2.3:a:symantec:antivirus:10.2:maintenance_release1:*:*:corporate:*:*:*

cpe:2.3:a:symantec:client_security:3.1:-:*:*:*:*:*:*

cpe:2.3:a:symantec:client_security:3.1:maintenance_release7:*:*:*:*:*:*

cpe:2.3:a:symantec:endpoint_protection:11.0:-:*:*:*:*:*:*

cpe:2.3:a:symantec:endpoint_protection:11.0:maintenance_release1:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.02931

Низкий

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-6rqj-5hx6-m9vf

github

почти 4 года назад