Vulnerability Name: | CVE-2009-1432 (CCN-50172)
Assigned: | 2009-04-28
Published: | 2009-04-28
Updated: | 2019-07-26
Summary: | Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled.
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-20
Vulnerability Consequences: | Other
References: |
Source: MITRE Type: CNA CVE-2009-1432
Source: CCN Type: SA34856 Symantec Products Alert Management System 2 Multiple Vulnerabilities
Source: SECUNIA Type: Third Party Advisory 34856
Source: CCN Type: SA34935 Symantec Products Reporting Server URL Handling Weakness
Source: SECUNIA Type: Third Party Advisory 34935
Source: CCN Type: SECTRACK ID: 1022136 Symantec Anti Virus Corporate Edition Bug in Reporting Server Lets Remote Users Display Arbitrary Messages
Source: SECTRACK Type: Third Party Advisory, VDB Entry 1022136
Source: CCN Type: SECTRACK ID: 1022137 Symantec Client Security Bug in Reporting Server Lets Remote Users Display Arbitrary Messages
Source: SECTRACK Type: Third Party Advisory, VDB Entry 1022137
Source: CCN Type: SECTRACK ID: 1022138 Symantec Endpoint Protection Bug in Reporting Server Lets Remote Users Display Arbitrary Messages
Source: SECTRACK Type: Third Party Advisory, VDB Entry 1022138
Source: CCN Type: OSVDB ID: 54131 Symantec Multiple Products Reporting Server URL Handling Unspecified Arbitrary Code Execution
Source: BID Type: Third Party Advisory, VDB Entry 34668
Source: CCN Type: BID-34668 Symantec Reporting Server URL Handling Phishing Vulnerability
Source: CCN Type: SYM09-008 Symantec Reporting Server Improper URL Handling Exposure
Source: CONFIRM Type: Vendor Advisory http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00
Source: VUPEN Type: Third Party Advisory ADV-2009-1202
Source: VUPEN Type: Third Party Advisory ADV-2009-1204
Source: XF Type: Third Party Advisory, VDB Entry multiple-symantec-login-spoofing(50172)
Source: XF Type: UNKNOWN multiple-symantec-login-spoofing(50172)
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable