Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-1432

Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled.

Published

2009-04-30T20:30:00.627

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	symantec	antivirus	10.1	Yes
Application	symantec	antivirus	10.1	Yes
Application	symantec	antivirus	10.2	Yes
Application	symantec	antivirus	10.2	Yes
Application	symantec	client_security	3.1	Yes
Application	symantec	client_security	3.1	Yes
Application	symantec	endpoint_protection	11.0	Yes
Application	symantec	endpoint_protection	11.0	Yes

References

http://secunia.com/advisories/34856 Third Party Advisory ([email protected])
http://secunia.com/advisories/34935 Third Party Advisory ([email protected])
http://securitytracker.com/id?1022136 Third Party Advisory, VDB Entry ([email protected])
http://securitytracker.com/id?1022137 Third Party Advisory, VDB Entry ([email protected])
http://securitytracker.com/id?1022138 Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/34668 Third Party Advisory, VDB Entry ([email protected])
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2009/1202 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2009/1204 Third Party Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/50172 Third Party Advisory, VDB Entry ([email protected])
http://secunia.com/advisories/34856 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34935 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1022136 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1022137 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1022138 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/34668 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/1202 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/1204 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50172 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)