Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.
[
{
"product": "Reporter",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "9.5 prior to 9.5.4.1"
},
{
"status": "affected",
"version": "10.x prior to 10.2"
}
]
}
]