
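    6 vulnerabilities found for reporter by symantec (three distinct CVEs, each listed twice: once from the nvd source and once from the cvelistv5 source)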

    CVE-2019-12753 (GCVE-0-2019-12753)

    Vulnerability from nvd – Published: 2019-08-29 22:40 – Updated: 2024-08-04 23:32
    VLAI
    Summary
    An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users.
    Severity
    No CVSS data available.
    CWE
    • Information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Symantec Corporation Symantec Reporter Affected: Reporter 10.3 prior to 10.3.2.5

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:32:54.989Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Reporter",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Reporter 10.3 prior to 10.3.2.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-29T22:40:19.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2019-12753",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Reporter",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Reporter 10.3 prior to 10.3.2.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1489.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2019-12753",
        "datePublished": "2019-08-29T22:40:19.000Z",
        "dateReserved": "2019-06-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:32:54.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-12237 (GCVE-0-2018-12237)

    Vulnerability from nvd – Published: 2019-01-24 21:00 – Updated: 2024-09-16 16:28
    VLAI
    Summary
    The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.
    Severity
    No CVSS data available.
    CWE
    • OS command injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Symantec Corporation Symantec Reporter Affected: 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8
    Date Public
    2019-01-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:30:59.778Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
              },
              {
                "name": "106518",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106518"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Reporter",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8"
                }
              ]
            }
          ],
          "datePublic": "2019-01-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-25T10:57:01.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
            },
            {
              "name": "106518",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106518"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "DATE_PUBLIC": "2019-01-10T00:00:00",
              "ID": "CVE-2018-12237",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Reporter",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OS command injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/en_US/article.SYMSA1465.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
                },
                {
                  "name": "106518",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106518"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2018-12237",
        "datePublished": "2019-01-24T21:00:00.000Z",
        "dateReserved": "2018-06-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:28:04.698Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-15531 (GCVE-0-2017-15531)

    Vulnerability from nvd – Published: 2018-01-23 20:00 – Updated: 2024-09-16 19:15
    VLAI
    Summary
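    Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter. Note: the structured affected-version data in this record gives the second range as "10.x prior to 10.2" rather than "10.1 prior to 10.1.5.5"; check the vendor advisory (SA158) for the exact fixed release before deciding whether a deployment is covered.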
    Severity
    No CVSS data available.
    CWE
    • Improper Restriction of Excessive Authentication Attempts
    Assigner
    References
    Impacted products
    Vendor Product Version
    Symantec Corporation Reporter Affected: 9.5 prior to 9.5.4.1
    Affected: 10.x prior to 10.2
    Date Public
    2018-01-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:57:26.461Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "102751",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102751"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Reporter",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5 prior to 9.5.4.1"
                },
                {
                  "status": "affected",
                  "version": "10.x prior to 10.2"
                }
              ]
            }
          ],
          "datePublic": "2018-01-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users.  A remote attacker can use brute force search to guess a user password and gain access to Reporter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-03T14:57:02.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "name": "102751",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102751"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "DATE_PUBLIC": "2018-01-23T00:00:00",
              "ID": "CVE-2017-15531",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Reporter",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5 prior to 9.5.4.1"
                              },
                              {
                                "version_value": "10.x prior to 10.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users.  A remote attacker can use brute force search to guess a user password and gain access to Reporter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Restriction of Excessive Authentication Attempts"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "102751",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102751"
                },
                {
                  "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158",
                  "refsource": "CONFIRM",
                  "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2017-15531",
        "datePublished": "2018-01-23T20:00:00.000Z",
        "dateReserved": "2017-10-17T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:15:56.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12753 (GCVE-0-2019-12753)

    Vulnerability from cvelistv5 – Published: 2019-08-29 22:40 – Updated: 2024-08-04 23:32
    VLAI
    Summary
    An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users.
    Severity
    No CVSS data available.
    CWE
    • Information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Symantec Corporation Symantec Reporter Affected: Reporter 10.3 prior to 10.3.2.5

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:32:54.989Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Reporter",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Reporter 10.3 prior to 10.3.2.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-29T22:40:19.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "ID": "CVE-2019-12753",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Reporter",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Reporter 10.3 prior to 10.3.2.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/us/en/article.SYMSA1489.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.symantec.com/us/en/article.SYMSA1489.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2019-12753",
        "datePublished": "2019-08-29T22:40:19.000Z",
        "dateReserved": "2019-06-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:32:54.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-12237 (GCVE-0-2018-12237)

    Vulnerability from cvelistv5 – Published: 2019-01-24 21:00 – Updated: 2024-09-16 16:28
    VLAI
    Summary
    The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.
    Severity
    No CVSS data available.
    CWE
    • OS command injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Symantec Corporation Symantec Reporter Affected: 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8
    Date Public
    2019-01-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:30:59.778Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
              },
              {
                "name": "106518",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106518"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Symantec Reporter",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8"
                }
              ]
            }
          ],
          "datePublic": "2019-01-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-25T10:57:01.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
            },
            {
              "name": "106518",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106518"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "DATE_PUBLIC": "2019-01-10T00:00:00",
              "ID": "CVE-2018-12237",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Symantec Reporter",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OS command injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.symantec.com/en_US/article.SYMSA1465.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.symantec.com/en_US/article.SYMSA1465.html"
                },
                {
                  "name": "106518",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106518"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2018-12237",
        "datePublished": "2019-01-24T21:00:00.000Z",
        "dateReserved": "2018-06-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:28:04.698Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-15531 (GCVE-0-2017-15531)

    Vulnerability from cvelistv5 – Published: 2018-01-23 20:00 – Updated: 2024-09-16 19:15
    VLAI
    Summary
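    Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter. Note: the structured affected-version data in this record gives the second range as "10.x prior to 10.2" rather than "10.1 prior to 10.1.5.5"; check the vendor advisory (SA158) for the exact fixed release before deciding whether a deployment is covered.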
    Severity
    No CVSS data available.
    CWE
    • Improper Restriction of Excessive Authentication Attempts
    Assigner
    References
    Impacted products
    Vendor Product Version
    Symantec Corporation Reporter Affected: 9.5 prior to 9.5.4.1
    Affected: 10.x prior to 10.2
    Date Public
    2018-01-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:57:26.461Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "102751",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102751"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Reporter",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5 prior to 9.5.4.1"
                },
                {
                  "status": "affected",
                  "version": "10.x prior to 10.2"
                }
              ]
            }
          ],
          "datePublic": "2018-01-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users.  A remote attacker can use brute force search to guess a user password and gain access to Reporter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-03T14:57:02.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "name": "102751",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102751"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "DATE_PUBLIC": "2018-01-23T00:00:00",
              "ID": "CVE-2017-15531",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Reporter",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5 prior to 9.5.4.1"
                              },
                              {
                                "version_value": "10.x prior to 10.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users.  A remote attacker can use brute force search to guess a user password and gain access to Reporter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Restriction of Excessive Authentication Attempts"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "102751",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102751"
                },
                {
                  "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158",
                  "refsource": "CONFIRM",
                  "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA158"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2017-15531",
        "datePublished": "2018-01-23T20:00:00.000Z",
        "dateReserved": "2017-10-17T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:15:56.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }