Symantec Security Response: SMNTC-1466
Nov 20, 2018 - 8:01 a.m.

Reflected XSS Vulnerability in Security Analytics Web UI

2018-11-20 08:01:01
Symantec Security Response
EPSS: 0.002 (Low), percentile 55.1%

SUMMARY

The Symantec Security Analytics (SA) Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious JavaScript code into the SA web UI client application.

AFFECTED PRODUCTS

Security Analytics (SA)

CVE | Supported Version(s) | Remediation
CVE-2018-12241 | 7.3 and earlier | Upgrade to 7.3.4.
CVE-2018-12241 | 8.0 | Not vulnerable, fixed.

ISSUES

CVE-2018-12241

Severity / CVSSv3 | Medium / 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
References | SecurityFocus: BID 105965 / NVD: CVE-2018-12241
Impact | Cross-site scripting (XSS)
Description | A reflected cross-site scripting (XSS) vulnerability in the Security Analytics (SA) web UI allows a remote attacker with knowledge of the SA web UI hostname or IP address to craft a URL for the SA web UI and target SA web UI users with phishing attacks and other social engineering techniques. A successful attack allows injecting malicious JavaScript code in the SA web UI client application running in the user’s web browser.

ACKNOWLEDGEMENTS

REVISION

2018-11-21 Added SecurityFocus BID number.
2018-11-20 Initial public release.
