Search criteria
6 vulnerabilities found for reporter by symantec
CVE-2019-12753 (GCVE-0-2019-12753)
Vulnerability from nvd – Published: 2019-08-29 22:40 – Updated: 2024-08-04 23:32
VLAI?
Summary
An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users.
Severity ?
No CVSS data available.
CWE
- Information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Symantec Reporter |
Affected:
Reporter 10.3 prior to 10.3.2.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:54.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Reporter",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Reporter 10.3 prior to 10.3.2.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T22:40:19",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-12753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Reporter",
"version": {
"version_data": [
{
"version_value": "Reporter 10.3 prior to 10.3.2.5"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1489.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-12753",
"datePublished": "2019-08-29T22:40:19",
"dateReserved": "2019-06-06T00:00:00",
"dateUpdated": "2024-08-04T23:32:54.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12237 (GCVE-0-2018-12237)
Vulnerability from nvd – Published: 2019-01-24 21:00 – Updated: 2024-09-16 16:28
VLAI?
Summary
The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.
Severity ?
No CVSS data available.
CWE
- OS command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Symantec Reporter |
Affected:
10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
},
{
"name": "106518",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106518"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Reporter",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8"
}
]
}
],
"datePublic": "2019-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-25T10:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
},
{
"name": "106518",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106518"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2019-01-10T00:00:00",
"ID": "CVE-2018-12237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Reporter",
"version": {
"version_data": [
{
"version_value": "10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1465.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
},
{
"name": "106518",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106518"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-12237",
"datePublished": "2019-01-24T21:00:00Z",
"dateReserved": "2018-06-12T00:00:00",
"dateUpdated": "2024-09-16T16:28:04.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15531 (GCVE-0-2017-15531)
Vulnerability from nvd – Published: 2018-01-23 20:00 – Updated: 2024-09-16 19:15
VLAI?
Summary
Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.
Severity ?
No CVSS data available.
CWE
- Improper Restriction of Excessive Authentication Attempts
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Reporter |
Affected:
9.5 prior to 9.5.4.1
Affected: 10.x prior to 10.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:26.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102751",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102751"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Reporter",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "9.5 prior to 9.5.4.1"
},
{
"status": "affected",
"version": "10.x prior to 10.2"
}
]
}
],
"datePublic": "2018-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-03T14:57:02",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "102751",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102751"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-01-23T00:00:00",
"ID": "CVE-2017-15531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reporter",
"version": {
"version_data": [
{
"version_value": "9.5 prior to 9.5.4.1"
},
{
"version_value": "10.x prior to 10.2"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Excessive Authentication Attempts"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102751"
},
{
"name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2017-15531",
"datePublished": "2018-01-23T20:00:00Z",
"dateReserved": "2017-10-17T00:00:00",
"dateUpdated": "2024-09-16T19:15:56.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12753 (GCVE-0-2019-12753)
Vulnerability from cvelistv5 – Published: 2019-08-29 22:40 – Updated: 2024-08-04 23:32
VLAI?
Summary
An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users.
Severity ?
No CVSS data available.
CWE
- Information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Symantec Reporter |
Affected:
Reporter 10.3 prior to 10.3.2.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:54.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Reporter",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Reporter 10.3 prior to 10.3.2.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T22:40:19",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-12753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Reporter",
"version": {
"version_data": [
{
"version_value": "Reporter 10.3 prior to 10.3.2.5"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1489.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-12753",
"datePublished": "2019-08-29T22:40:19",
"dateReserved": "2019-06-06T00:00:00",
"dateUpdated": "2024-08-04T23:32:54.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12237 (GCVE-0-2018-12237)
Vulnerability from cvelistv5 – Published: 2019-01-24 21:00 – Updated: 2024-09-16 16:28
VLAI?
Summary
The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.
Severity ?
No CVSS data available.
CWE
- OS command injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Symantec Reporter |
Affected:
10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
},
{
"name": "106518",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106518"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Reporter",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8"
}
]
}
],
"datePublic": "2019-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-25T10:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
},
{
"name": "106518",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106518"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2019-01-10T00:00:00",
"ID": "CVE-2018-12237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Reporter",
"version": {
"version_data": [
{
"version_value": "10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1465.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
},
{
"name": "106518",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106518"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-12237",
"datePublished": "2019-01-24T21:00:00Z",
"dateReserved": "2018-06-12T00:00:00",
"dateUpdated": "2024-09-16T16:28:04.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15531 (GCVE-0-2017-15531)
Vulnerability from cvelistv5 – Published: 2018-01-23 20:00 – Updated: 2024-09-16 19:15
VLAI?
Summary
Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.
Severity ?
No CVSS data available.
CWE
- Improper Restriction of Excessive Authentication Attempts
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Reporter |
Affected:
9.5 prior to 9.5.4.1
Affected: 10.x prior to 10.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:26.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102751",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102751"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Reporter",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "9.5 prior to 9.5.4.1"
},
{
"status": "affected",
"version": "10.x prior to 10.2"
}
]
}
],
"datePublic": "2018-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-03T14:57:02",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "102751",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102751"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-01-23T00:00:00",
"ID": "CVE-2017-15531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reporter",
"version": {
"version_data": [
{
"version_value": "9.5 prior to 9.5.4.1"
},
{
"version_value": "10.x prior to 10.2"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Excessive Authentication Attempts"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102751"
},
{
"name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2017-15531",
"datePublished": "2018-01-23T20:00:00Z",
"dateReserved": "2017-10-17T00:00:00",
"dateUpdated": "2024-09-16T19:15:56.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}