Search criteria
9 vulnerabilities found for reporter by symantec
FKIE_CVE-2019-12753
Vulnerability from fkie_nvd - Published: 2019-08-30 09:15 - Updated: 2024-11-21 04:23
Severity ?
Summary
An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:reporter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81B9CBE6-70CF-482E-8871-414C62144FAA",
"versionEndExcluding": "10.3.2.5",
"versionStartIncluding": "10.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users."
},
{
"lang": "es",
"value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Symantec Reporter web UI versiones 10.3 anteriores a 10.3.2.5, permite a un usuario administrador autenticado malicioso obtener contrase\u00f1as por servidores externos SMTP, FTP, FTPS, LDAP y Cloud Log Download a los que no estar\u00edan autorizados para acceder de otro modo. El usuario administrador malicioso tambi\u00e9n puede obtener las contrase\u00f1as de otros usuarios de Reporter web UI."
}
],
"id": "CVE-2019-12753",
"lastModified": "2024-11-21T04:23:30.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-30T09:15:18.007",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-12237
Vulnerability from fkie_nvd - Published: 2019-01-24 21:29 - Updated: 2024-11-21 03:44
Severity ?
Summary
The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.
References
| URL | Tags | ||
|---|---|---|---|
| secure@symantec.com | http://www.securityfocus.com/bid/106518 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | https://support.symantec.com/en_US/article.SYMSA1465.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106518 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.symantec.com/en_US/article.SYMSA1465.html | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:reporter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C80622-75A5-4C97-8C93-B4A09561A948",
"versionEndExcluding": "10.1.5.6",
"versionStartIncluding": "10.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:reporter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "531BBC67-9AB6-466D-8D57-7D06816A2E35",
"versionEndExcluding": "10.2.1.8",
"versionStartIncluding": "10.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges."
},
{
"lang": "es",
"value": "Symantec Reporter CLI, en sus versiones 10.1 anteriores a la 10.1.5.6 anteriores a la 10.2.1.8, es susceptible a una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo. Un administrador malicioso autenticado con acceso de \"Enable mode\" puede ejecutar comandos arbitrarios del sistema operativo con privilegios de sistema elevados."
}
],
"id": "CVE-2018-12237",
"lastModified": "2024-11-21T03:44:50.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-24T21:29:00.243",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106518"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106518"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-15531
Vulnerability from fkie_nvd - Published: 2018-01-23 20:29 - Updated: 2024-11-21 03:14
Severity ?
Summary
Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.
References
| URL | Tags | ||
|---|---|---|---|
| secure@symantec.com | http://www.securityfocus.com/bid/102751 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | https://www.symantec.com/security-center/network-protection-security-advisories/SA158 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102751 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.symantec.com/security-center/network-protection-security-advisories/SA158 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:reporter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47BE5353-2F56-4AEF-B3A5-DADF4CC13A46",
"versionEndExcluding": "9.5.4.1",
"versionStartIncluding": "9.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:reporter:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7C642BF-9677-434A-B191-52DE0CA41E75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter."
},
{
"lang": "es",
"value": "Symantec Reporter en versiones 9.5 anteriores a la 9.5.4.1 y 10.1 anteriores a la 10.1.5.5 no restringe los excesivos intentos de autenticaci\u00f3n para los usuarios de la interfaz de gesti\u00f3n. Un atacante remoto puede emplear b\u00fasquedas de fuerza bruta para adivinar una contrase\u00f1a de usuario y obtener acceso a Reporter."
}
],
"id": "CVE-2017-15531",
"lastModified": "2024-11-21T03:14:43.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-23T20:29:00.283",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102751"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-12753 (GCVE-0-2019-12753)
Vulnerability from cvelistv5 – Published: 2019-08-29 22:40 – Updated: 2024-08-04 23:32
VLAI?
Summary
An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users.
Severity ?
No CVSS data available.
CWE
- Information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Symantec Reporter |
Affected:
Reporter 10.3 prior to 10.3.2.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:54.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Reporter",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Reporter 10.3 prior to 10.3.2.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T22:40:19",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-12753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Reporter",
"version": {
"version_data": [
{
"version_value": "Reporter 10.3 prior to 10.3.2.5"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1489.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-12753",
"datePublished": "2019-08-29T22:40:19",
"dateReserved": "2019-06-06T00:00:00",
"dateUpdated": "2024-08-04T23:32:54.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12237 (GCVE-0-2018-12237)
Vulnerability from cvelistv5 – Published: 2019-01-24 21:00 – Updated: 2024-09-16 16:28
VLAI?
Summary
The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.
Severity ?
No CVSS data available.
CWE
- OS command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Symantec Reporter |
Affected:
10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
},
{
"name": "106518",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106518"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Reporter",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8"
}
]
}
],
"datePublic": "2019-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-25T10:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
},
{
"name": "106518",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106518"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2019-01-10T00:00:00",
"ID": "CVE-2018-12237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Reporter",
"version": {
"version_data": [
{
"version_value": "10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1465.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
},
{
"name": "106518",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106518"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-12237",
"datePublished": "2019-01-24T21:00:00Z",
"dateReserved": "2018-06-12T00:00:00",
"dateUpdated": "2024-09-16T16:28:04.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15531 (GCVE-0-2017-15531)
Vulnerability from cvelistv5 – Published: 2018-01-23 20:00 – Updated: 2024-09-16 19:15
VLAI?
Summary
Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.
Severity ?
No CVSS data available.
CWE
- Improper Restriction of Excessive Authentication Attempts
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Reporter |
Affected:
9.5 prior to 9.5.4.1
Affected: 10.x prior to 10.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:26.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102751",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102751"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Reporter",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "9.5 prior to 9.5.4.1"
},
{
"status": "affected",
"version": "10.x prior to 10.2"
}
]
}
],
"datePublic": "2018-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-03T14:57:02",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "102751",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102751"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-01-23T00:00:00",
"ID": "CVE-2017-15531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reporter",
"version": {
"version_data": [
{
"version_value": "9.5 prior to 9.5.4.1"
},
{
"version_value": "10.x prior to 10.2"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Excessive Authentication Attempts"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102751"
},
{
"name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2017-15531",
"datePublished": "2018-01-23T20:00:00Z",
"dateReserved": "2017-10-17T00:00:00",
"dateUpdated": "2024-09-16T19:15:56.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12753 (GCVE-0-2019-12753)
Vulnerability from nvd – Published: 2019-08-29 22:40 – Updated: 2024-08-04 23:32
VLAI?
Summary
An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users.
Severity ?
No CVSS data available.
CWE
- Information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Symantec Reporter |
Affected:
Reporter 10.3 prior to 10.3.2.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:54.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Reporter",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Reporter 10.3 prior to 10.3.2.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T22:40:19",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-12753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Reporter",
"version": {
"version_data": [
{
"version_value": "Reporter 10.3 prior to 10.3.2.5"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1489.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-12753",
"datePublished": "2019-08-29T22:40:19",
"dateReserved": "2019-06-06T00:00:00",
"dateUpdated": "2024-08-04T23:32:54.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12237 (GCVE-0-2018-12237)
Vulnerability from nvd – Published: 2019-01-24 21:00 – Updated: 2024-09-16 16:28
VLAI?
Summary
The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.
Severity ?
No CVSS data available.
CWE
- OS command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Symantec Reporter |
Affected:
10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
},
{
"name": "106518",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106518"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Reporter",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8"
}
]
}
],
"datePublic": "2019-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-25T10:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
},
{
"name": "106518",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106518"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2019-01-10T00:00:00",
"ID": "CVE-2018-12237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Reporter",
"version": {
"version_data": [
{
"version_value": "10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1465.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
},
{
"name": "106518",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106518"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-12237",
"datePublished": "2019-01-24T21:00:00Z",
"dateReserved": "2018-06-12T00:00:00",
"dateUpdated": "2024-09-16T16:28:04.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15531 (GCVE-0-2017-15531)
Vulnerability from nvd – Published: 2018-01-23 20:00 – Updated: 2024-09-16 19:15
VLAI?
Summary
Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.
Severity ?
No CVSS data available.
CWE
- Improper Restriction of Excessive Authentication Attempts
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Reporter |
Affected:
9.5 prior to 9.5.4.1
Affected: 10.x prior to 10.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:26.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102751",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102751"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Reporter",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "9.5 prior to 9.5.4.1"
},
{
"status": "affected",
"version": "10.x prior to 10.2"
}
]
}
],
"datePublic": "2018-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-03T14:57:02",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "102751",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102751"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-01-23T00:00:00",
"ID": "CVE-2017-15531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reporter",
"version": {
"version_data": [
{
"version_value": "9.5 prior to 9.5.4.1"
},
{
"version_value": "10.x prior to 10.2"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Excessive Authentication Attempts"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102751"
},
{
"name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2017-15531",
"datePublished": "2018-01-23T20:00:00Z",
"dateReserved": "2017-10-17T00:00:00",
"dateUpdated": "2024-09-16T19:15:56.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}