// For flags

CVE-2007-3022

 

Severity Score

4.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.

Symantec Reporting Server 1.0.197.0, y otras versiones anteriores a 1.0.224.0, como se usan en Symantec Client Security 3.1 y posteriores, y Symantec AntiVirus corporate Edition (SAV CE) 10.1 y posteriores, muestra el resumen (hash) de la contraseƱa para un usuario tras un intento de acceso fallido, lo cual facilita a atacantes remotos llevar a cabo ataques de fuerza bruta.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-06-04 CVE Reserved
  • 2007-06-05 CVE Published
  • 2024-07-31 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.1
Search vendor "Symantec" for product "Client Security" and version "3.1"
-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.1.394
Search vendor "Symantec" for product "Client Security" and version "3.1.394"
-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.1.396
Search vendor "Symantec" for product "Client Security" and version "3.1.396"
-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.1.400
Search vendor "Symantec" for product "Client Security" and version "3.1.400"
-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.1.401
Search vendor "Symantec" for product "Client Security" and version "3.1.401"
-
Affected
Symantec
Search vendor "Symantec"
Norton Antivirus
Search vendor "Symantec" for product "Norton Antivirus"
10.0.2.2021
Search vendor "Symantec" for product "Norton Antivirus" and version "10.0.2.2021"
corporate
Affected
Symantec
Search vendor "Symantec"
Norton Antivirus
Search vendor "Symantec" for product "Norton Antivirus"
10.1
Search vendor "Symantec" for product "Norton Antivirus" and version "10.1"
corporate
Affected
Symantec
Search vendor "Symantec"
Norton Antivirus
Search vendor "Symantec" for product "Norton Antivirus"
10.1.396
Search vendor "Symantec" for product "Norton Antivirus" and version "10.1.396"
corporate
Affected
Symantec
Search vendor "Symantec"
Norton Antivirus
Search vendor "Symantec" for product "Norton Antivirus"
10.1.400
Search vendor "Symantec" for product "Norton Antivirus" and version "10.1.400"
corporate
Affected
Symantec
Search vendor "Symantec"
Norton Antivirus
Search vendor "Symantec" for product "Norton Antivirus"
10.1.401
Search vendor "Symantec" for product "Norton Antivirus" and version "10.1.401"
corporate
Affected
Symantec
Search vendor "Symantec"
Reporting Server
Search vendor "Symantec" for product "Reporting Server"
<= 1.0.197.0
Search vendor "Symantec" for product "Reporting Server" and version " <= 1.0.197.0"
-
Affected