CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
85.8%
Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled.
Vendor | Product | Version | CPE |
---|---|---|---|
symantec | antivirus | 10.1 | cpe:2.3:a:symantec:antivirus:10.1:-:*:*:corporate:*:*:* |
symantec | antivirus | 10.1 | cpe:2.3:a:symantec:antivirus:10.1:maintenance_release7:*:*:corporate:*:*:* |
symantec | antivirus | 10.2 | cpe:2.3:a:symantec:antivirus:10.2:-:*:*:corporate:*:*:* |
symantec | antivirus | 10.2 | cpe:2.3:a:symantec:antivirus:10.2:maintenance_release1:*:*:corporate:*:*:* |
symantec | client_security | 3.1 | cpe:2.3:a:symantec:client_security:3.1:-:*:*:*:*:*:* |
symantec | client_security | 3.1 | cpe:2.3:a:symantec:client_security:3.1:maintenance_release7:*:*:*:*:*:* |
symantec | endpoint_protection | 11.0 | cpe:2.3:a:symantec:endpoint_protection:11.0:-:*:*:*:*:*:* |
symantec | endpoint_protection | 11.0 | cpe:2.3:a:symantec:endpoint_protection:11.0:maintenance_release1:*:*:*:*:*:* |
secunia.com/advisories/34856
secunia.com/advisories/34935
securitytracker.com/id?1022136
securitytracker.com/id?1022137
securitytracker.com/id?1022138
www.securityfocus.com/bid/34668
www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00
www.vupen.com/english/advisories/2009/1202
www.vupen.com/english/advisories/2009/1204
exchange.xforce.ibmcloud.com/vulnerabilities/50172