Lucene search

MitreCVE-2009-1432

HistoryApr 30, 2009 - 8:30 p.m.

CVE-2009-1432

2009-04-3020:30:00

CWE-20

mitre

web.nvd.nist.gov

symantec

reporting

server

remote attack

phishing

url

security vulnerability

cve-2009-1432

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.013

Percentile

85.8%

JSON

Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled.

Affected configurations

Nvd

Node

symantecantivirusMatch10.1-corporate

symantecantivirusMatch10.1maintenance_release7corporate

symantecantivirusMatch10.2-corporate

symantecantivirusMatch10.2maintenance_release1corporate

symantecclient_securityMatch3.1-

symantecclient_securityMatch3.1maintenance_release7

symantecendpoint_protectionMatch11.0-

symantecendpoint_protectionMatch11.0maintenance_release1

VendorProductVersionCPE
symantecantivirus10.1cpe:2.3:a:symantec:antivirus:10.1:-:*:*:corporate:*:*:*
symantecantivirus10.1cpe:2.3:a:symantec:antivirus:10.1:maintenance_release7:*:*:corporate:*:*:*
symantecantivirus10.2cpe:2.3:a:symantec:antivirus:10.2:-:*:*:corporate:*:*:*
symantecantivirus10.2cpe:2.3:a:symantec:antivirus:10.2:maintenance_release1:*:*:corporate:*:*:*
symantecclient_security3.1cpe:2.3:a:symantec:client_security:3.1:-:*:*:*:*:*:*
symantecclient_security3.1cpe:2.3:a:symantec:client_security:3.1:maintenance_release7:*:*:*:*:*:*
symantecendpoint_protection11.0cpe:2.3:a:symantec:endpoint_protection:11.0:-:*:*:*:*:*:*
symantecendpoint_protection11.0cpe:2.3:a:symantec:endpoint_protection:11.0:maintenance_release1:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	antivirus	10.1	cpe:2.3:a:symantec:antivirus:10.1:-:::corporate:::*
symantec	antivirus	10.1	cpe:2.3:a:symantec:antivirus:10.1:maintenance_release7:::corporate:::*
symantec	antivirus	10.2	cpe:2.3:a:symantec:antivirus:10.2:-:::corporate:::*
symantec	antivirus	10.2	cpe:2.3:a:symantec:antivirus:10.2:maintenance_release1:::corporate:::*
symantec	client_security	3.1	cpe:2.3:a:symantec:client_security:3.1:-::::::
symantec	client_security	3.1	cpe:2.3:a:symantec:client_security:3.1:maintenance_release7::::::
symantec	endpoint_protection	11.0	cpe:2.3:a:symantec:endpoint_protection:11.0:-::::::
symantec	endpoint_protection	11.0	cpe:2.3:a:symantec:endpoint_protection:11.0:maintenance_release1::::::

References

secunia.com/advisories/34856

secunia.com/advisories/34935

securitytracker.com/id?1022136

securitytracker.com/id?1022137

securitytracker.com/id?1022138

www.securityfocus.com/bid/34668

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00

www.vupen.com/english/advisories/2009/1202

www.vupen.com/english/advisories/2009/1204

exchange.xforce.ibmcloud.com/vulnerabilities/50172

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.013

Percentile

85.8%

JSON

Related for CVE-2009-1432