Vulnerability Name: CVE-2011-0551 (CCN-69137)
Assigned: 2011-08-10
Published: 2011-08-10
Updated: 2013-02-07
Summary: Cross-site request forgery (CSRF) vulnerability in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
CVSS v3 Severity:
  5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
  6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
  5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
  3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-352
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2011-0551
  Source: CCN Type: SA43662 Symantec Endpoint Protection Manager Cross-Site Scripting and Request Forgery
  Source: SECUNIA Type: Vendor Advisory 43662
  Source: SECTRACK Type: UNKNOWN 1025919
  Source: OSVDB Type: UNKNOWN 74467
  Source: CCN Type: OSVDB ID: 74467 Symantec Endpoint Protection Manager Admin User Addition CSRF
  Source: BID Type: UNKNOWN 49101
  Source: CCN Type: BID-49101 Symantec Endpoint Protection CVE-2011-0551 Cross Site Request Forgery Vulnerability
  Source: CCN Type: Symantec Web site Symantec Endpoint Protection Manager Cross-Site Request Forgery and Cross-Site Scripting
  Source: CONFIRM Type: UNKNOWN http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110810_00
  Source: XF Type: UNKNOWN symantec-endpoint-admin-user-csrf(69137)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable