CVE-2009-1432

Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
symantecantivirus
10.1
symantecantivirus
10.1:maintenance_release7
symantecantivirus
10.2
symantecantivirus
10.2:maintenance_release1
symantecclient_security
3.1
symantecclient_security
3.1:maintenance_release7
symantecendpoint_protection
11.0
symantecendpoint_protection
11.0:maintenance_release1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/34856
http://secunia.com/advisories/34935
http://securitytracker.com/id?1022136
http://securitytracker.com/id?1022137
http://securitytracker.com/id?1022138
http://www.securityfocus.com/bid/34668
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00
http://www.vupen.com/english/advisories/2009/1202
http://www.vupen.com/english/advisories/2009/1204
https://exchange.xforce.ibmcloud.com/vulnerabilities/50172
http://secunia.com/advisories/34856
http://secunia.com/advisories/34935
http://securitytracker.com/id?1022136
http://securitytracker.com/id?1022137
http://securitytracker.com/id?1022138
http://www.securityfocus.com/bid/34668
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00
http://www.vupen.com/english/advisories/2009/1202
http://www.vupen.com/english/advisories/2009/1204
https://exchange.xforce.ibmcloud.com/vulnerabilities/50172