Vulnerabilites related to symantec - reporting_server
cve-2007-3022
Vulnerability from cvelistv5
Published
2007-06-05 21:00
Modified
2024-08-07 13:57
Severity ?
EPSS score ?
Summary
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34740 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/24312 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/36108 | vdb-entry, x_refsource_OSVDB | |
| http://www.symantec.com/avcenter/security/Content/2007.06.05.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1018196 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2007/2074 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/25543 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "symantec-reporting-information-disclosure(34740)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34740"
},
{
"name": "24312",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24312"
},
{
"name": "36108",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36108"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05.html"
},
{
"name": "1018196",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018196"
},
{
"name": "ADV-2007-2074",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2074"
},
{
"name": "25543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25543"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "symantec-reporting-information-disclosure(34740)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34740"
},
{
"name": "24312",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24312"
},
{
"name": "36108",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36108"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05.html"
},
{
"name": "1018196",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018196"
},
{
"name": "ADV-2007-2074",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2074"
},
{
"name": "25543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25543"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "symantec-reporting-information-disclosure(34740)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34740"
},
{
"name": "24312",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24312"
},
{
"name": "36108",
"refsource": "OSVDB",
"url": "http://osvdb.org/36108"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2007.06.05.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05.html"
},
{
"name": "1018196",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018196"
},
{
"name": "ADV-2007-2074",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2074"
},
{
"name": "25543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25543"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3022",
"datePublished": "2007-06-05T21:00:00",
"dateReserved": "2007-06-04T00:00:00",
"dateUpdated": "2024-08-07T13:57:54.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3095
Vulnerability from cvelistv5
Published
2007-06-06 22:00
Modified
2024-08-07 14:05
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to "disable the authentication system" and bypass authentication via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/36107 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/24325 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34895 | vdb-entry, x_refsource_XF | |
| http://www.symantec.com/avcenter/security/Content/2007.06.05.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1018196 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2007/2074 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/25543 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36107",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36107"
},
{
"name": "24325",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24325"
},
{
"name": "symantec-unspecified-authentication-bypass(34895)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34895"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05.html"
},
{
"name": "1018196",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018196"
},
{
"name": "ADV-2007-2074",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2074"
},
{
"name": "25543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25543"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to \"disable the authentication system\" and bypass authentication via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36107",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36107"
},
{
"name": "24325",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24325"
},
{
"name": "symantec-unspecified-authentication-bypass(34895)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34895"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05.html"
},
{
"name": "1018196",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018196"
},
{
"name": "ADV-2007-2074",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2074"
},
{
"name": "25543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25543"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to \"disable the authentication system\" and bypass authentication via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36107",
"refsource": "OSVDB",
"url": "http://osvdb.org/36107"
},
{
"name": "24325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24325"
},
{
"name": "symantec-unspecified-authentication-bypass(34895)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34895"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2007.06.05.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05.html"
},
{
"name": "1018196",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018196"
},
{
"name": "ADV-2007-2074",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2074"
},
{
"name": "25543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25543"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3095",
"datePublished": "2007-06-06T22:00:00",
"dateReserved": "2007-06-06T00:00:00",
"dateUpdated": "2024-08-07T14:05:29.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3021
Vulnerability from cvelistv5
Published
2007-06-05 21:00
Modified
2024-08-07 13:57
Severity ?
EPSS score ?
Summary
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.symantec.com/avcenter/security/Content/2007.06.05a.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/24313 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/36109 | vdb-entry, x_refsource_OSVDB | |
| http://www.securitytracker.com/id?1018196 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2007/2074 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34744 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/25543 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html"
},
{
"name": "24313",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24313"
},
{
"name": "36109",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36109"
},
{
"name": "1018196",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018196"
},
{
"name": "ADV-2007-2074",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2074"
},
{
"name": "symantec-reporting-code-execution(34744)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34744"
},
{
"name": "25543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25543"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html"
},
{
"name": "24313",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24313"
},
{
"name": "36109",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36109"
},
{
"name": "1018196",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018196"
},
{
"name": "ADV-2007-2074",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2074"
},
{
"name": "symantec-reporting-code-execution(34744)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34744"
},
{
"name": "25543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25543"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html"
},
{
"name": "24313",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24313"
},
{
"name": "36109",
"refsource": "OSVDB",
"url": "http://osvdb.org/36109"
},
{
"name": "1018196",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018196"
},
{
"name": "ADV-2007-2074",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2074"
},
{
"name": "symantec-reporting-code-execution(34744)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34744"
},
{
"name": "25543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25543"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3021",
"datePublished": "2007-06-05T21:00:00",
"dateReserved": "2007-06-04T00:00:00",
"dateUpdated": "2024-08-07T13:57:54.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2007-06-06 22:30
Modified
2024-11-21 00:32
Severity ?
Summary
Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to "disable the authentication system" and bypass authentication via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | client_security | 3.1 | |
| symantec | client_security | 3.1.394 | |
| symantec | client_security | 3.1.396 | |
| symantec | client_security | 3.1.400 | |
| symantec | client_security | 3.1.401 | |
| symantec | norton_antivirus | 10.0.2.2021 | |
| symantec | norton_antivirus | 10.1 | |
| symantec | norton_antivirus | 10.1.396 | |
| symantec | norton_antivirus | 10.1.400 | |
| symantec | norton_antivirus | 10.1.401 | |
| symantec | reporting_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D24019B-20F0-4B4D-86A5-9409698E6216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.394:*:*:*:*:*:*:*",
"matchCriteriaId": "D6090F86-0B42-403F-9996-9B7670EBAA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.396:*:*:*:*:*:*:*",
"matchCriteriaId": "B3706E76-FC65-467E-8D09-A9EAC32E9BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.400:*:*:*:*:*:*:*",
"matchCriteriaId": "BF555313-BB5A-4D8A-A3A1-609ABC39F6FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.401:*:*:*:*:*:*:*",
"matchCriteriaId": "BC74372F-329A-4597-810B-88B865771C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021:*:corporate:*:*:*:*:*",
"matchCriteriaId": "4D3CBEF5-25C6-41E8-97A3-2AA43134E619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1:*:corporate:*:*:*:*:*",
"matchCriteriaId": "81AE594C-41ED-4FE8-839D-B604AE8DC901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.396:*:corporate:*:*:*:*:*",
"matchCriteriaId": "4AB33BC0-813C-4944-9835-A1F62614CC97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.400:*:corporate:*:*:*:*:*",
"matchCriteriaId": "423C4F6C-4D87-4604-9122-02E2F06FAFB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.401:*:corporate:*:*:*:*:*",
"matchCriteriaId": "60BBE26A-E648-440F-9F08-AA7DD62D6C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:reporting_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "953B6B3E-C3B9-40E6-95E6-911FFEA9A184",
"versionEndIncluding": "1.0.197.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to \"disable the authentication system\" and bypass authentication via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Symantec Reporting Server 1.0.197.0, y otras versiones anteriores a 1.0.224.0, como el usado en Symantec Client Security 3.1 y posteriores, y Symantec AntiVirus Corporate Edition (SAV CE) 10.1 y posteriores, permite a atacantes remotos \"deshabilitar el sistema de autenticaci\u00f3n\" y evitar la autenticaci\u00f3n mediante vectores no especificados."
}
],
"id": "CVE-2007-3095",
"lastModified": "2024-11-21T00:32:23.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-06T22:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36107"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25543"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24325"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018196"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2074"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34895"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-05 21:30
Modified
2024-11-21 00:32
Severity ?
Summary
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | client_security | 3.1 | |
| symantec | client_security | 3.1.394 | |
| symantec | client_security | 3.1.396 | |
| symantec | client_security | 3.1.400 | |
| symantec | client_security | 3.1.401 | |
| symantec | norton_antivirus | 10.0.2.2021 | |
| symantec | norton_antivirus | 10.1 | |
| symantec | norton_antivirus | 10.1.396 | |
| symantec | norton_antivirus | 10.1.400 | |
| symantec | norton_antivirus | 10.1.401 | |
| symantec | reporting_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D24019B-20F0-4B4D-86A5-9409698E6216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.394:*:*:*:*:*:*:*",
"matchCriteriaId": "D6090F86-0B42-403F-9996-9B7670EBAA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.396:*:*:*:*:*:*:*",
"matchCriteriaId": "B3706E76-FC65-467E-8D09-A9EAC32E9BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.400:*:*:*:*:*:*:*",
"matchCriteriaId": "BF555313-BB5A-4D8A-A3A1-609ABC39F6FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.401:*:*:*:*:*:*:*",
"matchCriteriaId": "BC74372F-329A-4597-810B-88B865771C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021:*:corporate:*:*:*:*:*",
"matchCriteriaId": "4D3CBEF5-25C6-41E8-97A3-2AA43134E619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1:*:corporate:*:*:*:*:*",
"matchCriteriaId": "81AE594C-41ED-4FE8-839D-B604AE8DC901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.396:*:corporate:*:*:*:*:*",
"matchCriteriaId": "4AB33BC0-813C-4944-9835-A1F62614CC97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.400:*:corporate:*:*:*:*:*",
"matchCriteriaId": "423C4F6C-4D87-4604-9122-02E2F06FAFB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.401:*:corporate:*:*:*:*:*",
"matchCriteriaId": "60BBE26A-E648-440F-9F08-AA7DD62D6C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:reporting_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "953B6B3E-C3B9-40E6-95E6-911FFEA9A184",
"versionEndIncluding": "1.0.197.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export."
},
{
"lang": "es",
"value": "Symantec Reporting Server 1.0.197.0, y otras versiones anteriores a 1.0.224.0, como se usan en Symantec Client Security 3.1 y posteriores, y Symantec AntiVirus Corporate Edition (SAV CE) 10.1 y posteriores, no inicializa una variable cr\u00edtica, lo cual permite a los atacantes crear archivos ejecutables de su elecci\u00f3n mediante manipulaciones desconocidas de un archivo que se crea durante la exportaci\u00f3n de datos."
}
],
"id": "CVE-2007-3021",
"lastModified": "2024-11-21T00:32:12.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-05T21:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36109"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25543"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24313"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018196"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2074"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34744"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-05 21:30
Modified
2024-11-21 00:32
Severity ?
Summary
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | client_security | 3.1 | |
| symantec | client_security | 3.1.394 | |
| symantec | client_security | 3.1.396 | |
| symantec | client_security | 3.1.400 | |
| symantec | client_security | 3.1.401 | |
| symantec | norton_antivirus | 10.0.2.2021 | |
| symantec | norton_antivirus | 10.1 | |
| symantec | norton_antivirus | 10.1.396 | |
| symantec | norton_antivirus | 10.1.400 | |
| symantec | norton_antivirus | 10.1.401 | |
| symantec | reporting_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D24019B-20F0-4B4D-86A5-9409698E6216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.394:*:*:*:*:*:*:*",
"matchCriteriaId": "D6090F86-0B42-403F-9996-9B7670EBAA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.396:*:*:*:*:*:*:*",
"matchCriteriaId": "B3706E76-FC65-467E-8D09-A9EAC32E9BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.400:*:*:*:*:*:*:*",
"matchCriteriaId": "BF555313-BB5A-4D8A-A3A1-609ABC39F6FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.401:*:*:*:*:*:*:*",
"matchCriteriaId": "BC74372F-329A-4597-810B-88B865771C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021:*:corporate:*:*:*:*:*",
"matchCriteriaId": "4D3CBEF5-25C6-41E8-97A3-2AA43134E619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1:*:corporate:*:*:*:*:*",
"matchCriteriaId": "81AE594C-41ED-4FE8-839D-B604AE8DC901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.396:*:corporate:*:*:*:*:*",
"matchCriteriaId": "4AB33BC0-813C-4944-9835-A1F62614CC97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.400:*:corporate:*:*:*:*:*",
"matchCriteriaId": "423C4F6C-4D87-4604-9122-02E2F06FAFB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.401:*:corporate:*:*:*:*:*",
"matchCriteriaId": "60BBE26A-E648-440F-9F08-AA7DD62D6C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:reporting_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "953B6B3E-C3B9-40E6-95E6-911FFEA9A184",
"versionEndIncluding": "1.0.197.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks."
},
{
"lang": "es",
"value": "Symantec Reporting Server 1.0.197.0, y otras versiones anteriores a 1.0.224.0, como se usan en Symantec Client Security 3.1 y posteriores, y Symantec AntiVirus corporate Edition (SAV CE) 10.1 y posteriores, muestra el resumen (hash) de la contrase\u00f1a para un usuario tras un intento de acceso fallido, lo cual facilita a atacantes remotos llevar a cabo ataques de fuerza bruta."
}
],
"id": "CVE-2007-3022",
"lastModified": "2024-11-21T00:32:13.027",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-05T21:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36108"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25543"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24312"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018196"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2074"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34740"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}