Vulnerability CVE-2007-3095


Published: 2007-06-06   Modified: 2012-02-12

Description:
Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to "disable the authentication system" and bypass authentication via unknown vectors.

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9/10
10/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Symantec -> Client security 
Symantec -> Norton antivirus 
Symantec -> Reporting server 

 References:
http://www.vupen.com/english/advisories/2007/2074
http://www.symantec.com/avcenter/security/Content/2007.06.05.html
http://www.securityfocus.com/bid/24325
http://osvdb.org/36107
http://xforce.iss.net/xforce/xfdb/34895
http://www.securitytracker.com/id?1018196
http://secunia.com/advisories/25543

Copyright 2024, cxsecurity.com

 

Back to Top