CVE-2009-1432

Sažetak

Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled.

Reference

http://secunia.com/advisories/34856
http://secunia.com/advisories/34935
http://securitytracker.com/id?1022136
http://securitytracker.com/id?1022137
http://securitytracker.com/id?1022138
http://www.securityfocus.com/bid/34668
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00
http://www.vupen.com/english/advisories/2009/1202
http://www.vupen.com/english/advisories/2009/1204
https://exchange.xforce.ibmcloud.com/vulnerabilities/50172

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

26-07-2019 - 14:02

Objavljeno

30-04-2009 - 20:30