150 vulnerabilities by Symantec Corporation
CVE-2019-18380 (GCVE-0-2019-18380)
Vulnerability from cvelistv5 – Published: 2019-12-09 17:28 – Updated: 2024-08-05 01:54
VLAI
Summary
Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication.
Severity
No CVSS data available.
CWE
- Unauthorized Access
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.symantec.com/us/en/article.SYMSA1500.html | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Symantec Corporation | Industrial Control System Protection (ICSP) | Affected: 6.x.x |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:13.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1500.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Industrial Control System Protection (ICSP)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.x.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthorized Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-09T17:28:11.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1500.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-18380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Industrial Control System Protection (ICSP)",
"version": {
"version_data": [
{
"version_value": "6.x.x"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1500.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1500.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-18380",
"datePublished": "2019-12-09T17:28:11.000Z",
"dateReserved": "2019-10-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:54:13.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12755 (GCVE-0-2019-12755)
Vulnerability from cvelistv5 – Published: 2019-09-17 15:49 – Updated: 2024-08-04 23:32
VLAI
Summary
Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.symantec.com/us/en/article.SYMSA1493.html | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Symantec Corporation | Norton Password Manager | Affected: Prior to 6.5.0.2104 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1493.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Norton Password Manager",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 6.5.0.2104"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-17T15:49:23.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1493.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-12755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Norton Password Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.5.0.2104"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1493.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1493.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-12755",
"datePublished": "2019-09-17T15:49:23.000Z",
"dateReserved": "2019-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:32:55.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9697 (GCVE-0-2019-9697)
Vulnerability from cvelistv5 – Published: 2019-08-29 22:43 – Updated: 2024-08-04 21:54
VLAI
Summary
An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access.
Severity
No CVSS data available.
CWE
- Information disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.symantec.com/us/en/article.SYMSA1480.html | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Symantec Corporation | Management Center (MC) | Affected: 2.0; Affected: 2.1; Affected: 2.2 prior to 2.2.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:45.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1480.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Management Center (MC)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2 prior to 2.2.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T22:43:44.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1480.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-9697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Management Center (MC)",
"version": {
"version_data": [
{
"version_value": "2.0"
},
{
"version_value": "2.1"
},
{
"version_value": "2.2 prior to 2.2.2.1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1480.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1480.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-9697",
"datePublished": "2019-08-29T22:43:44.000Z",
"dateReserved": "2019-03-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:45.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12753 (GCVE-0-2019-12753)
Vulnerability from cvelistv5 – Published: 2019-08-29 22:40 – Updated: 2024-08-04 23:32
VLAI
Summary
An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users.
Severity
No CVSS data available.
CWE
- Information disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.symantec.com/us/en/article.SYMSA1489.html | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Symantec Corporation | Symantec Reporter | Affected: Reporter 10.3 prior to 10.3.2.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:54.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Reporter",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Reporter 10.3 prior to 10.3.2.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T22:40:19.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-12753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Reporter",
"version": {
"version_data": [
{
"version_value": "Reporter 10.3 prior to 10.3.2.5"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1489.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-12753",
"datePublished": "2019-08-29T22:40:19.000Z",
"dateReserved": "2019-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:32:54.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12754 (GCVE-0-2019-12754)
Vulnerability from cvelistv5 – Published: 2019-08-29 22:27 – Updated: 2024-08-04 23:32
VLAI
Summary
Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.symantec.com/us/en/article.SYMSA1491.html | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Symantec Corporation | My VIP Portal | Affected: Previous My VIP portal |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:54.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1491.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "My VIP Portal",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Previous My VIP portal"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T22:27:48.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1491.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-12754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "My VIP Portal",
"version": {
"version_data": [
{
"version_value": "Previous My VIP portal"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1491.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1491.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-12754",
"datePublished": "2019-08-29T22:27:48.000Z",
"dateReserved": "2019-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:32:54.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18371 (GCVE-0-2018-18371)
Vulnerability from cvelistv5 – Published: 2019-08-29 22:14 – Updated: 2024-08-05 11:08
VLAI
Summary
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
Severity
No CVSS data available.
CWE
- Information disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.symantec.com/us/en/article.SYMSA1472.html | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Symantec Corporation | Symantec Advanced Secure Gateway (ASG) | Affected: 6.6 and 6.7 prior to 6.7.4.2 |
| Symantec Corporation | Symantec ProxySG | Affected: 6.5 prior to 6.5.10.15; Affected: 6.6; Affected: 6.7 prior to 6.7.4.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Advanced Secure Gateway (ASG)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6 and 6.7 prior to 6.7.4.2"
}
]
},
{
"product": "Symantec ProxySG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.5 prior to 6.5.10.15"
},
{
"status": "affected",
"version": "6.6"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG\u0027s web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T22:14:58.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2018-18371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Advanced Secure Gateway (ASG)",
"version": {
"version_data": [
{
"version_value": "6.6 and 6.7 prior to 6.7.4.2"
}
]
}
},
{
"product_name": "Symantec ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5.10.15"
},
{
"version_value": "6.6"
},
{
"version_value": "6.7 prior to 6.7.4.2"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG\u0027s web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1472.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-18371",
"datePublished": "2019-08-29T22:14:58.000Z",
"dateReserved": "2018-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:08:21.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18370 (GCVE-0-2018-18370)
Vulnerability from cvelistv5 – Published: 2019-08-29 22:13 – Updated: 2024-08-05 11:08
VLAI
Summary
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
Severity
No CVSS data available.
CWE
- Cross-site-scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.symantec.com/us/en/article.SYMSA1472.html | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Symantec Corporation | Symantec Advanced Secure Gateway (ASG) | Affected: 6.6 and 6.7 prior to 6.7.4.2 |
| Symantec Corporation | Symantec ProxySG | Affected: 6.5 prior to 6.5.10.15; Affected: 6.6; Affected: 6.7 prior to 6.7.4.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Advanced Secure Gateway (ASG)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6 and 6.7 prior to 6.7.4.2"
}
]
},
{
"product": "Symantec ProxySG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.5 prior to 6.5.10.15"
},
{
"status": "affected",
"version": "6.6"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG\u0027s web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site-scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T22:13:35.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2018-18370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Advanced Secure Gateway (ASG)",
"version": {
"version_data": [
{
"version_value": "6.6 and 6.7 prior to 6.7.4.2"
}
]
}
},
{
"product_name": "Symantec ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5.10.15"
},
{
"version_value": "6.6"
},
{
"version_value": "6.7 prior to 6.7.4.2"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG\u0027s web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site-scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1472.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-18370",
"datePublished": "2019-08-29T22:13:35.000Z",
"dateReserved": "2018-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:08:21.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18367 (GCVE-0-2018-18367)
Vulnerability from cvelistv5 – Published: 2019-04-25 19:22 – Updated: 2024-08-05 11:08
VLAI
Summary
Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.
Severity
No CVSS data available.
CWE
- DLL Preloading
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.symantec.com/en_US/article.SYMSA1479.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/107996 | vdb-entry, x_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Symantec Corporation | Symantec Endpoint Protection Manager | Affected: Prior to and including 12.1 RU6 MP9; Affected: Prior to 14.2 RU1 |
Date Public
2019-04-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107996",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107996"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Endpoint Protection Manager",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to and including 12.1 RU6 MP9"
},
{
"status": "affected",
"version": "Prior to 14.2 RU1"
}
]
}
],
"datePublic": "2019-04-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Preloading",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-25T19:22:17.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107996",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107996"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2018-18367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Endpoint Protection Manager",
"version": {
"version_data": [
{
"version_value": "Prior to and including 12.1 RU6 MP9"
},
{
"version_value": "Prior to 14.2 RU1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Preloading"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1479.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107996"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-18367",
"datePublished": "2019-04-25T19:22:17.000Z",
"dateReserved": "2018-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:08:21.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18366 (GCVE-0-2018-18366)
Vulnerability from cvelistv5 – Published: 2019-04-25 19:13 – Updated: 2024-08-05 11:08
VLAI
Summary
Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory.
Severity
No CVSS data available.
CWE
- Kernel memory disclosure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.symantec.com/en_US/article.SYMSA1479.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/107994 | vdb-entry, x_refsource_BID |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Symantec Corporation | Norton Security | Affected: Prior to 22.16.3 | |
| Symantec Corporation | SEP (Windows client) | Affected: Prior to and including 12.1 RU6 MP9; Affected: Prior to 14.2 RU1 | |
| Symantec Corporation | SEP SBE | Affected: Prior to Cloud Agent 3.00.31.2817; Affected: NIS-22.15.2.22; Affected: SEP-12.1.7484.7002 | |
| Symantec Corporation | SEP Cloud | Affected: Prior to 22.16.3 | |
Date Public
2019-04-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107994",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107994"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Norton Security",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 22.16.3"
}
]
},
{
"product": "SEP (Windows client)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to and including 12.1 RU6 MP9"
},
{
"status": "affected",
"version": "Prior to 14.2 RU1"
}
]
},
{
"product": "SEP SBE",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to Cloud Agent 3.00.31.2817"
},
{
"status": "affected",
"version": "NIS-22.15.2.22"
},
{
"status": "affected",
"version": "SEP-12.1.7484.7002"
}
]
},
{
"product": "SEP Cloud",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 22.16.3"
}
]
}
],
"datePublic": "2019-04-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Kernel memory disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-25T19:13:05.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107994",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107994"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2018-18366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Norton Security",
"version": {
"version_data": [
{
"version_value": "Prior to 22.16.3"
}
]
}
},
{
"product_name": "SEP (Windows client)",
"version": {
"version_data": [
{
"version_value": "Prior to and including 12.1 RU6 MP9"
},
{
"version_value": "Prior to 14.2 RU1"
}
]
}
},
{
"product_name": "SEP SBE",
"version": {
"version_data": [
{
"version_value": "Prior to Cloud Agent 3.00.31.2817"
},
{
"version_value": "NIS-22.15.2.22"
},
{
"version_value": "SEP-12.1.7484.7002"
}
]
}
},
{
"product_name": "SEP Cloud",
"version": {
"version_data": [
{
"version_value": "Prior to 22.16.3"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Kernel memory disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1479.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107994"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-18366",
"datePublished": "2019-04-25T19:13:05.000Z",
"dateReserved": "2018-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:08:21.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12244 (GCVE-0-2018-12244)
Vulnerability from cvelistv5 – Published: 2019-04-25 18:49 – Updated: 2024-08-05 08:30
VLAI
Summary
SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.
Severity
No CVSS data available.
CWE
- CSV/DDE Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.symantec.com/en_US/article.SYMSA1479.html | x_refsource_MISC |
| https://www.securityfocus.com/bid/107999 | vdb-entry, x_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Symantec Corporation | Symantec Endpoint Protection (Mac Client) | Affected: Prior to and including 12.1 RU6 MP9; Affected: Prior to 14.2 RU1 | |
Date Public
2019-04-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107999",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/107999"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Endpoint Protection (Mac Client)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to and including 12.1 RU6 MP9"
},
{
"status": "affected",
"version": "Prior to 14.2 RU1"
}
]
}
],
"datePublic": "2019-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSV/DDE Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-25T18:49:02.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107999",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "https://www.securityfocus.com/bid/107999"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2018-12244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Endpoint Protection (Mac Client)",
"version": {
"version_data": [
{
"version_value": "Prior to and including 12.1 RU6 MP9"
},
{
"version_value": "Prior to 14.2 RU1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSV/DDE Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1479.html",
"refsource": "MISC",
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107999",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/107999"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-12244",
"datePublished": "2019-04-25T18:49:02.000Z",
"dateReserved": "2018-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18369 (GCVE-0-2018-18369)
Vulnerability from cvelistv5 – Published: 2019-04-25 16:55 – Updated: 2024-08-05 11:08
VLAI
Summary
Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.
Severity
No CVSS data available.
CWE
- DLL Preloading
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.symantec.com/en_US/article.SYMSA1479.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/107997 | vdb-entry, x_refsource_BID |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Symantec Corporation | Norton Security | Affected: Prior to 22.16.3 | |
| Symantec Corporation | Symantec Endpoint Protection Small Business Edition | Affected: Prior to Cloud Agent 3.00.31.2817; Affected: NIS-22.15.2.22; Affected: SEP-12.1.7484.7002 | |
Date Public
2019-04-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107997",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107997"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Norton Security",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 22.16.3"
}
]
},
{
"product": "Symantec Endpoint Protection Small Business Edition",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to Cloud Agent 3.00.31.2817"
},
{
"status": "affected",
"version": "NIS-22.15.2.22"
},
{
"status": "affected",
"version": "SEP-12.1.7484.7002"
}
]
}
],
"datePublic": "2019-04-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 \u0026 SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Preloading",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-25T16:55:04.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107997",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107997"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2018-18369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Norton Security",
"version": {
"version_data": [
{
"version_value": "Prior to 22.16.3"
}
]
}
},
{
"product_name": "Symantec Endpoint Protection Small Business Edition",
"version": {
"version_data": [
{
"version_value": "Prior to Cloud Agent 3.00.31.2817"
},
{
"version_value": "NIS-22.15.2.22"
},
{
"version_value": "SEP-12.1.7484.7002"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 \u0026 SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Preloading"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1479.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107997",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107997"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-18369",
"datePublished": "2019-04-25T16:55:04.000Z",
"dateReserved": "2018-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:08:21.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18364 (GCVE-0-2018-18364)
Vulnerability from cvelistv5 – Published: 2019-02-08 17:00 – Updated: 2024-09-16 22:35
VLAI
Summary
Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application.
Severity
No CVSS data available.
CWE
- DLL Hijack
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106684 | vdb-entry, x_refsource_BID |
| https://support.symantec.com/en_US/article.SYMSA1474.html | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Symantec Corporation | Ghost Solution Suite (GSS) | Affected: Prior to 3.3 RU1 | |
Date Public
2019-01-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106684",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106684"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1474.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ghost Solution Suite (GSS)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 3.3 RU1"
}
]
}
],
"datePublic": "2019-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Hijack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-09T10:57:01.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "106684",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106684"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1474.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2019-01-22T00:00:00",
"ID": "CVE-2018-18364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ghost Solution Suite (GSS)",
"version": {
"version_data": [
{
"version_value": "Prior to 3.3 RU1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Hijack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106684",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106684"
},
{
"name": "https://support.symantec.com/en_US/article.SYMSA1474.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1474.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-18364",
"datePublished": "2019-02-08T17:00:00.000Z",
"dateReserved": "2018-10-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:35:04.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12237 (GCVE-0-2018-12237)
Vulnerability from cvelistv5 – Published: 2019-01-24 21:00 – Updated: 2024-09-16 16:28
VLAI
Summary
The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.
Severity
No CVSS data available.
CWE
- OS command injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.symantec.com/en_US/article.SYMSA1465.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/106518 | vdb-entry, x_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Symantec Corporation | Symantec Reporter | Affected: 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 | |
Date Public
2019-01-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
},
{
"name": "106518",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106518"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Reporter",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8"
}
]
}
],
"datePublic": "2019-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-25T10:57:01.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
},
{
"name": "106518",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106518"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2019-01-10T00:00:00",
"ID": "CVE-2018-12237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Reporter",
"version": {
"version_data": [
{
"version_value": "10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1465.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
},
{
"name": "106518",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106518"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-12237",
"datePublished": "2019-01-24T21:00:00.000Z",
"dateReserved": "2018-06-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:28:04.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18363 (GCVE-0-2018-18363)
Vulnerability from cvelistv5 – Published: 2019-01-24 20:00 – Updated: 2024-09-17 01:45
VLAI
Summary
Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access.
Severity
No CVSS data available.
CWE
- App lock bypass
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.symantec.com/en_US/article.SYMSA1473.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/106450 | vdb-entry, x_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Symantec Corporation | Norton App Lock | Affected: Prior to 1.4.0.445 | |
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1473.html"
},
{
"name": "106450",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106450"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Norton App Lock",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 1.4.0.445"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "App lock bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-25T10:57:01.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1473.html"
},
{
"name": "106450",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106450"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2019-01-09T00:00:00",
"ID": "CVE-2018-18363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Norton App Lock",
"version": {
"version_data": [
{
"version_value": "Prior to 1.4.0.445"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "App lock bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1473.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1473.html"
},
{
"name": "106450",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106450"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-18363",
"datePublished": "2019-01-24T20:00:00.000Z",
"dateReserved": "2018-10-15T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:45:56.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18362 (GCVE-0-2018-18362)
Vulnerability from cvelistv5 – Published: 2018-12-06 19:00 – Updated: 2024-08-05 11:08
VLAI
Summary
Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.
Severity
No CVSS data available.
CWE
- Cross Site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.symantec.com/en_US/article.SYMSA1470.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/106055 | vdb-entry, x_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Symantec Corporation | Norton Password Manager | Affected: Prior to 6.1.0.1045 | |
Date Public
2018-12-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1470.html"
},
{
"name": "106055",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106055"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Norton Password Manager",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 6.1.0.1045"
}
]
}
],
"datePublic": "2018-12-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-07T10:57:01.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1470.html"
},
{
"name": "106055",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106055"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2018-18362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Norton Password Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.1.0.1045"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1470.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1470.html"
},
{
"name": "106055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106055"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-18362",
"datePublished": "2018-12-06T19:00:00.000Z",
"dateReserved": "2018-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:08:21.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18380 (GCVE-0-2019-18380)
Vulnerability from nvd – Published: 2019-12-09 17:28 – Updated: 2024-08-05 01:54
VLAI
Summary
Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication.
Severity
No CVSS data available.
CWE
- Unauthorized Access
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.symantec.com/us/en/article.SYMSA1500.html | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Symantec Corporation | Industrial Control System Protection (ICSP) | Affected: 6.x.x | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:13.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1500.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Industrial Control System Protection (ICSP)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.x.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthorized Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-09T17:28:11.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1500.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-18380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Industrial Control System Protection (ICSP)",
"version": {
"version_data": [
{
"version_value": "6.x.x"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1500.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1500.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-18380",
"datePublished": "2019-12-09T17:28:11.000Z",
"dateReserved": "2019-10-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:54:13.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12755 (GCVE-0-2019-12755)
Vulnerability from nvd – Published: 2019-09-17 15:49 – Updated: 2024-08-04 23:32
VLAI
Summary
Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.symantec.com/us/en/article.SYMSA1493.html | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Symantec Corporation | Norton Password Manager | Affected: Prior to 6.5.0.2104 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1493.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Norton Password Manager",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 6.5.0.2104"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-17T15:49:23.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1493.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-12755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Norton Password Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.5.0.2104"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1493.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1493.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-12755",
"datePublished": "2019-09-17T15:49:23.000Z",
"dateReserved": "2019-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:32:55.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9697 (GCVE-0-2019-9697)
Vulnerability from nvd – Published: 2019-08-29 22:43 – Updated: 2024-08-04 21:54
VLAI
Summary
An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access.
Severity
No CVSS data available.
CWE
- Information disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.symantec.com/us/en/article.SYMSA1480.html | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Symantec Corporation | Management Center (MC) | Affected: 2.0; Affected: 2.1; Affected: 2.2 prior to 2.2.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:45.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1480.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Management Center (MC)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2 prior to 2.2.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T22:43:44.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1480.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-9697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Management Center (MC)",
"version": {
"version_data": [
{
"version_value": "2.0"
},
{
"version_value": "2.1"
},
{
"version_value": "2.2 prior to 2.2.2.1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1480.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1480.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-9697",
"datePublished": "2019-08-29T22:43:44.000Z",
"dateReserved": "2019-03-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:45.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12753 (GCVE-0-2019-12753)
Vulnerability from nvd – Published: 2019-08-29 22:40 – Updated: 2024-08-04 23:32
VLAI
Summary
An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users.
Severity
No CVSS data available.
CWE
- Information disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.symantec.com/us/en/article.SYMSA1489.html | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Symantec Corporation | Symantec Reporter | Affected: Reporter 10.3 prior to 10.3.2.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:54.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Reporter",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Reporter 10.3 prior to 10.3.2.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T22:40:19.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-12753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Reporter",
"version": {
"version_data": [
{
"version_value": "Reporter 10.3 prior to 10.3.2.5"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1489.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-12753",
"datePublished": "2019-08-29T22:40:19.000Z",
"dateReserved": "2019-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:32:54.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12754 (GCVE-0-2019-12754)
Vulnerability from nvd – Published: 2019-08-29 22:27 – Updated: 2024-08-04 23:32
VLAI
Summary
Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.symantec.com/us/en/article.SYMSA1491.html | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Symantec Corporation | My VIP Portal | Affected: Previous My VIP portal |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:54.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1491.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "My VIP Portal",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Previous My VIP portal"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T22:27:48.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1491.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-12754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "My VIP Portal",
"version": {
"version_data": [
{
"version_value": "Previous My VIP portal"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1491.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1491.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-12754",
"datePublished": "2019-08-29T22:27:48.000Z",
"dateReserved": "2019-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:32:54.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18371 (GCVE-0-2018-18371)
Vulnerability from nvd – Published: 2019-08-29 22:14 – Updated: 2024-08-05 11:08
VLAI
Summary
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
Severity
No CVSS data available.
CWE
- Information disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.symantec.com/us/en/article.SYMSA1472.html | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Symantec Corporation | Symantec Advanced Secure Gateway (ASG) | Affected: 6.6 and 6.7 prior to 6.7.4.2 |
| Symantec Corporation | Symantec ProxySG | Affected: 6.5 prior to 6.5.10.15; Affected: 6.6; Affected: 6.7 prior to 6.7.4.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Advanced Secure Gateway (ASG)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6 and 6.7 prior to 6.7.4.2"
}
]
},
{
"product": "Symantec ProxySG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.5 prior to 6.5.10.15"
},
{
"status": "affected",
"version": "6.6"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG\u0027s web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T22:14:58.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2018-18371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Advanced Secure Gateway (ASG)",
"version": {
"version_data": [
{
"version_value": "6.6 and 6.7 prior to 6.7.4.2"
}
]
}
},
{
"product_name": "Symantec ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5.10.15"
},
{
"version_value": "6.6"
},
{
"version_value": "6.7 prior to 6.7.4.2"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG\u0027s web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1472.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-18371",
"datePublished": "2019-08-29T22:14:58.000Z",
"dateReserved": "2018-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:08:21.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18370 (GCVE-0-2018-18370)
Vulnerability from nvd – Published: 2019-08-29 22:13 – Updated: 2024-08-05 11:08
VLAI
Summary
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
Severity
No CVSS data available.
CWE
- Cross-site-scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.symantec.com/us/en/article.SYMSA1472.html | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Symantec Corporation | Symantec Advanced Secure Gateway (ASG) | Affected: 6.6 and 6.7 prior to 6.7.4.2 |
| Symantec Corporation | Symantec ProxySG | Affected: 6.5 prior to 6.5.10.15; Affected: 6.6; Affected: 6.7 prior to 6.7.4.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Advanced Secure Gateway (ASG)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6 and 6.7 prior to 6.7.4.2"
}
]
},
{
"product": "Symantec ProxySG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.5 prior to 6.5.10.15"
},
{
"status": "affected",
"version": "6.6"
},
{
"status": "affected",
"version": "6.7 prior to 6.7.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG\u0027s web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site-scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T22:13:35.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2018-18370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Advanced Secure Gateway (ASG)",
"version": {
"version_data": [
{
"version_value": "6.6 and 6.7 prior to 6.7.4.2"
}
]
}
},
{
"product_name": "Symantec ProxySG",
"version": {
"version_data": [
{
"version_value": "6.5 prior to 6.5.10.15"
},
{
"version_value": "6.6"
},
{
"version_value": "6.7 prior to 6.7.4.2"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG\u0027s web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site-scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1472.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1472.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-18370",
"datePublished": "2019-08-29T22:13:35.000Z",
"dateReserved": "2018-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:08:21.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18367 (GCVE-0-2018-18367)
Vulnerability from nvd – Published: 2019-04-25 19:22 – Updated: 2024-08-05 11:08
VLAI
Summary
Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.
Severity
No CVSS data available.
CWE
- DLL Preloading
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.symantec.com/en_US/article.SYMSA1479.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/107996 | vdb-entry, x_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Symantec Corporation | Symantec Endpoint Protection Manager | Affected: Prior to and including 12.1 RU6 MP9; Affected: Prior to 14.2 RU1 |
Date Public
2019-04-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107996",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107996"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Endpoint Protection Manager",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to and including 12.1 RU6 MP9"
},
{
"status": "affected",
"version": "Prior to 14.2 RU1"
}
]
}
],
"datePublic": "2019-04-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Preloading",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-25T19:22:17.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107996",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107996"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2018-18367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Endpoint Protection Manager",
"version": {
"version_data": [
{
"version_value": "Prior to and including 12.1 RU6 MP9"
},
{
"version_value": "Prior to 14.2 RU1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Preloading"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1479.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107996"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-18367",
"datePublished": "2019-04-25T19:22:17.000Z",
"dateReserved": "2018-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:08:21.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18366 (GCVE-0-2018-18366)
Vulnerability from nvd – Published: 2019-04-25 19:13 – Updated: 2024-08-05 11:08
VLAI
Summary
Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory.
Severity
No CVSS data available.
CWE
- Kernel memory disclosure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.symantec.com/en_US/article.SYMSA1479.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/107994 | vdb-entry, x_refsource_BID |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Symantec Corporation | Norton Security | Affected: Prior to 22.16.3 |
| Symantec Corporation | SEP (Windows client) | Affected: Prior to and including 12.1 RU6 MP9; Affected: Prior to 14.2 RU1 |
| Symantec Corporation | SEP SBE | Affected: Prior to Cloud Agent 3.00.31.2817; Affected: NIS-22.15.2.22; Affected: SEP-12.1.7484.7002 |
| Symantec Corporation | SEP Cloud | Affected: Prior to 22.16.3 |
Date Public
2019-04-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107994",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107994"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Norton Security",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 22.16.3"
}
]
},
{
"product": "SEP (Windows client)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to and including 12.1 RU6 MP9"
},
{
"status": "affected",
"version": "Prior to 14.2 RU1"
}
]
},
{
"product": "SEP SBE",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to Cloud Agent 3.00.31.2817"
},
{
"status": "affected",
"version": "NIS-22.15.2.22"
},
{
"status": "affected",
"version": "SEP-12.1.7484.7002"
}
]
},
{
"product": "SEP Cloud",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 22.16.3"
}
]
}
],
"datePublic": "2019-04-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Kernel memory disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-25T19:13:05.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107994",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107994"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2018-18366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Norton Security",
"version": {
"version_data": [
{
"version_value": "Prior to 22.16.3"
}
]
}
},
{
"product_name": "SEP (Windows client)",
"version": {
"version_data": [
{
"version_value": "Prior to and including 12.1 RU6 MP9"
},
{
"version_value": "Prior to 14.2 RU1"
}
]
}
},
{
"product_name": "SEP SBE",
"version": {
"version_data": [
{
"version_value": "Prior to Cloud Agent 3.00.31.2817"
},
{
"version_value": "NIS-22.15.2.22"
},
{
"version_value": "SEP-12.1.7484.7002"
}
]
}
},
{
"product_name": "SEP Cloud",
"version": {
"version_data": [
{
"version_value": "Prior to 22.16.3"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Kernel memory disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1479.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107994"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-18366",
"datePublished": "2019-04-25T19:13:05.000Z",
"dateReserved": "2018-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:08:21.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12244 (GCVE-0-2018-12244)
Vulnerability from nvd – Published: 2019-04-25 18:49 – Updated: 2024-08-05 08:30
Summary
SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.
Severity
No CVSS data available.
CWE
- CSV/DDE Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.symantec.com/en_US/article.SYMSA1479.html | x_refsource_MISC |
| https://www.securityfocus.com/bid/107999 | vdb-entry, x_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Symantec Corporation | Symantec Endpoint Protection (Mac Client) | Affected: Prior to and including 12.1 RU6 MP9; Affected: Prior to 14.2 RU1 |
Date Public
2019-04-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107999",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/107999"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Endpoint Protection (Mac Client)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to and including 12.1 RU6 MP9"
},
{
"status": "affected",
"version": "Prior to 14.2 RU1"
}
]
}
],
"datePublic": "2019-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSV/DDE Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-25T18:49:02.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107999",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "https://www.securityfocus.com/bid/107999"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2018-12244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Endpoint Protection (Mac Client)",
"version": {
"version_data": [
{
"version_value": "Prior to and including 12.1 RU6 MP9"
},
{
"version_value": "Prior to 14.2 RU1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSV/DDE Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1479.html",
"refsource": "MISC",
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107999",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/107999"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-12244",
"datePublished": "2019-04-25T18:49:02.000Z",
"dateReserved": "2018-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18369 (GCVE-0-2018-18369)
Vulnerability from nvd – Published: 2019-04-25 16:55 – Updated: 2024-08-05 11:08
Summary
Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.
Severity
No CVSS data available.
CWE
- DLL Preloading
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.symantec.com/en_US/article.SYMSA1479.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/107997 | vdb-entry, x_refsource_BID |
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Symantec Corporation | Norton Security | Affected: Prior to 22.16.3 |
| Symantec Corporation | Symantec Endpoint Protection Small Business Edition | Affected: Prior to Cloud Agent 3.00.31.2817; Affected: NIS-22.15.2.22; Affected: SEP-12.1.7484.7002 |
Date Public
2019-04-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107997",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107997"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Norton Security",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 22.16.3"
}
]
},
{
"product": "Symantec Endpoint Protection Small Business Edition",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to Cloud Agent 3.00.31.2817"
},
{
"status": "affected",
"version": "NIS-22.15.2.22"
},
{
"status": "affected",
"version": "SEP-12.1.7484.7002"
}
]
}
],
"datePublic": "2019-04-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 \u0026 SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Preloading",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-25T16:55:04.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107997",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107997"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2018-18369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Norton Security",
"version": {
"version_data": [
{
"version_value": "Prior to 22.16.3"
}
]
}
},
{
"product_name": "Symantec Endpoint Protection Small Business Edition",
"version": {
"version_data": [
{
"version_value": "Prior to Cloud Agent 3.00.31.2817"
},
{
"version_value": "NIS-22.15.2.22"
},
{
"version_value": "SEP-12.1.7484.7002"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 \u0026 SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Preloading"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1479.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107997",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107997"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-18369",
"datePublished": "2019-04-25T16:55:04.000Z",
"dateReserved": "2018-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:08:21.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18364 (GCVE-0-2018-18364)
Vulnerability from nvd – Published: 2019-02-08 17:00 – Updated: 2024-09-16 22:35
Summary
Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application.
Severity
No CVSS data available.
CWE
- DLL Hijack
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106684 | vdb-entry, x_refsource_BID |
| https://support.symantec.com/en_US/article.SYMSA1474.html | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Symantec Corporation | Ghost Solution Suite (GSS) | Affected: Prior to 3.3 RU1 |
Date Public
2019-01-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106684",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106684"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1474.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ghost Solution Suite (GSS)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 3.3 RU1"
}
]
}
],
"datePublic": "2019-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Hijack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-09T10:57:01.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "106684",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106684"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1474.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2019-01-22T00:00:00",
"ID": "CVE-2018-18364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ghost Solution Suite (GSS)",
"version": {
"version_data": [
{
"version_value": "Prior to 3.3 RU1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be susceptible to a DLL hijacking vulnerability, which is a type of issue whereby a potential attacker attempts to execute unexpected code on your machine. This occurs via placement of a potentially foreign file (DLL) that the attacker then attempts to run via a linked application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Hijack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106684",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106684"
},
{
"name": "https://support.symantec.com/en_US/article.SYMSA1474.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1474.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-18364",
"datePublished": "2019-02-08T17:00:00.000Z",
"dateReserved": "2018-10-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:35:04.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12237 (GCVE-0-2018-12237)
Vulnerability from nvd – Published: 2019-01-24 21:00 – Updated: 2024-09-16 16:28
Summary
The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.
Severity
No CVSS data available.
CWE
- OS command injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.symantec.com/en_US/article.SYMSA1465.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/106518 | vdb-entry, x_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Symantec Corporation | Symantec Reporter | Affected: 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 |
Date Public
2019-01-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
},
{
"name": "106518",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106518"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Reporter",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8"
}
]
}
],
"datePublic": "2019-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-25T10:57:01.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
},
{
"name": "106518",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106518"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2019-01-10T00:00:00",
"ID": "CVE-2018-12237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Reporter",
"version": {
"version_data": [
{
"version_value": "10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1465.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
},
{
"name": "106518",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106518"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-12237",
"datePublished": "2019-01-24T21:00:00.000Z",
"dateReserved": "2018-06-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:28:04.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18363 (GCVE-0-2018-18363)
Vulnerability from nvd – Published: 2019-01-24 20:00 – Updated: 2024-09-17 01:45
Summary
Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access.
Severity
No CVSS data available.
CWE
- App lock bypass
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.symantec.com/en_US/article.SYMSA1473.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/106450 | vdb-entry, x_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Symantec Corporation | Norton App Lock | Affected: Prior to 1.4.0.445 |
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1473.html"
},
{
"name": "106450",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106450"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Norton App Lock",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 1.4.0.445"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "App lock bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-25T10:57:01.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1473.html"
},
{
"name": "106450",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106450"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2019-01-09T00:00:00",
"ID": "CVE-2018-18363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Norton App Lock",
"version": {
"version_data": [
{
"version_value": "Prior to 1.4.0.445"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "App lock bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1473.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1473.html"
},
{
"name": "106450",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106450"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-18363",
"datePublished": "2019-01-24T20:00:00.000Z",
"dateReserved": "2018-10-15T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:45:56.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18362 (GCVE-0-2018-18362)
Vulnerability from nvd – Published: 2018-12-06 19:00 – Updated: 2024-08-05 11:08
Summary
Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.
Severity
No CVSS data available.
CWE
- Cross Site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.symantec.com/en_US/article.SYMSA1470.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/106055 | vdb-entry, x_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Symantec Corporation | Norton Password Manager | Affected: Prior to 6.1.0.1045 |
Date Public
2018-12-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1470.html"
},
{
"name": "106055",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106055"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Norton Password Manager",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 6.1.0.1045"
}
]
}
],
"datePublic": "2018-12-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-07T10:57:01.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1470.html"
},
{
"name": "106055",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106055"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2018-18362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Norton Password Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.1.0.1045"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1470.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1470.html"
},
{
"name": "106055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106055"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-18362",
"datePublished": "2018-12-06T19:00:00.000Z",
"dateReserved": "2018-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:08:21.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}