Lucene search

MitreCVE-2006-3072

HistoryJun 19, 2006 - 10:02 a.m.

CVE-2006-3072

2006-06-1910:02:00

mitre

web.nvd.nist.gov

cve-2006-3072

m4 macro library

symantec security information manager

command execution

security vulnerability

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

25.6%

JSON

M4 Macro Library in Symantec Security Information Manager before 4.0.2.29 HOTFIX 1 allows local users to execute arbitrary commands via crafted “rule definitions”, which produces dangerous Java code during M4 transformation.

Affected configurations

Nvd

Node

symantecsecurity_information_managerMatch4.0.2

symantecsecurity_information_managerMatch4.0.2.1

symantecsecurity_information_managerMatch4.0.2.2

symantecsecurity_information_managerMatch4.0.2.3

symantecsecurity_information_managerMatch4.0.2.4

symantecsecurity_information_managerMatch4.0.2.5

symantecsecurity_information_managerMatch4.0.2.6

symantecsecurity_information_managerMatch4.0.2.7

symantecsecurity_information_managerMatch4.0.2.8

symantecsecurity_information_managerMatch4.0.2.9

symantecsecurity_information_managerMatch4.0.2.10

symantecsecurity_information_managerMatch4.0.2.11

symantecsecurity_information_managerMatch4.0.2.12

symantecsecurity_information_managerMatch4.0.2.13

symantecsecurity_information_managerMatch4.0.2.14

symantecsecurity_information_managerMatch4.0.2.15

symantecsecurity_information_managerMatch4.0.2.16

symantecsecurity_information_managerMatch4.0.2.17

symantecsecurity_information_managerMatch4.0.2.18

symantecsecurity_information_managerMatch4.0.2.19

symantecsecurity_information_managerMatch4.0.2.20

symantecsecurity_information_managerMatch4.0.2.21

symantecsecurity_information_managerMatch4.0.2.22

symantecsecurity_information_managerMatch4.0.2.23

symantecsecurity_information_managerMatch4.0.2.24

symantecsecurity_information_managerMatch4.0.2.25

symantecsecurity_information_managerMatch4.0.2.26

symantecsecurity_information_managerMatch4.0.2.27

symantecsecurity_information_managerMatch4.0.2.28

symantecsecurity_information_managerMatch4.0.2.29

VendorProductVersionCPE
symantecsecurity_information_manager4.0.2cpe:2.3:a:symantec:security_information_manager:4.0.2:*:*:*:*:*:*:*
symantecsecurity_information_manager4.0.2.1cpe:2.3:a:symantec:security_information_manager:4.0.2.1:*:*:*:*:*:*:*
symantecsecurity_information_manager4.0.2.2cpe:2.3:a:symantec:security_information_manager:4.0.2.2:*:*:*:*:*:*:*
symantecsecurity_information_manager4.0.2.3cpe:2.3:a:symantec:security_information_manager:4.0.2.3:*:*:*:*:*:*:*
symantecsecurity_information_manager4.0.2.4cpe:2.3:a:symantec:security_information_manager:4.0.2.4:*:*:*:*:*:*:*
symantecsecurity_information_manager4.0.2.5cpe:2.3:a:symantec:security_information_manager:4.0.2.5:*:*:*:*:*:*:*
symantecsecurity_information_manager4.0.2.6cpe:2.3:a:symantec:security_information_manager:4.0.2.6:*:*:*:*:*:*:*
symantecsecurity_information_manager4.0.2.7cpe:2.3:a:symantec:security_information_manager:4.0.2.7:*:*:*:*:*:*:*
symantecsecurity_information_manager4.0.2.8cpe:2.3:a:symantec:security_information_manager:4.0.2.8:*:*:*:*:*:*:*
symantecsecurity_information_manager4.0.2.9cpe:2.3:a:symantec:security_information_manager:4.0.2.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	security_information_manager	4.0.2	cpe:2.3:a:symantec:security_information_manager:4.0.2:::::::*
symantec	security_information_manager	4.0.2.1	cpe:2.3:a:symantec:security_information_manager:4.0.2.1:::::::*
symantec	security_information_manager	4.0.2.2	cpe:2.3:a:symantec:security_information_manager:4.0.2.2:::::::*
symantec	security_information_manager	4.0.2.3	cpe:2.3:a:symantec:security_information_manager:4.0.2.3:::::::*
symantec	security_information_manager	4.0.2.4	cpe:2.3:a:symantec:security_information_manager:4.0.2.4:::::::*
symantec	security_information_manager	4.0.2.5	cpe:2.3:a:symantec:security_information_manager:4.0.2.5:::::::*
symantec	security_information_manager	4.0.2.6	cpe:2.3:a:symantec:security_information_manager:4.0.2.6:::::::*
symantec	security_information_manager	4.0.2.7	cpe:2.3:a:symantec:security_information_manager:4.0.2.7:::::::*
symantec	security_information_manager	4.0.2.8	cpe:2.3:a:symantec:security_information_manager:4.0.2.8:::::::*
symantec	security_information_manager	4.0.2.9	cpe:2.3:a:symantec:security_information_manager:4.0.2.9:::::::*

Rows per page:

1-10 of 301

References

secunia.com/advisories/20647

securityresponse.symantec.com/avcenter/security/Content/2006.06.13b.html

securitytracker.com/id?1016296

www.securityfocus.com/bid/18420

www.vupen.com/english/advisories/2006/2334

exchange.xforce.ibmcloud.com/vulnerabilities/27105

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

25.6%

JSON

Related for CVE-2006-3072