| Vulnerability Name: | CVE-2012-0303 (CCN-76571) | ||||||||
| Assigned: | 2012-06-26 | ||||||||
| Published: | 2012-06-26 | ||||||||
| Updated: | 2012-07-06 | ||||||||
| Summary: | Multiple cross-site request forgery (CSRF) vulnerabilities in Brightmail Control Center in Symantec Message Filter 6.3 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) execute application commands or (2) create admin accounts. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-352 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2012-0303 Source: CCN Type: SA49727 Symantec Message Filter Multiple Vulnerabilities Source: CCN Type: OSVDB ID: 83262 Symantec Message Filter Admin Account Addition CSRF Source: BID Type: UNKNOWN 54133 Source: CCN Type: BID-54133 Symantec Message Filter CVE-2012-0303 Cross Site Request Forgery Vulnerability Source: CCN Type: SYM12-010 Symantec Message Filter Security Issues Source: CONFIRM Type: Vendor Advisory http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00 Source: XF Type: UNKNOWN symantec-filter-interface-csrf(76571) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||