// For flags

CVE-2009-1432

 

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled.

Symantec Reporting Server, utilizado en Symantec AntiVirus (SAV) Corporate Edition v10.1 anterior a v10.1 MR8 y v10,2 antes de v10.2 MR2, Symantec Client Security (SCS), antes de v3.1 MR8, y el componente Symantec Endpoint Protection Manager (SEPM) en Symantec Endpoint Protection (SEP) anterior a v11.0 MR2, permite a atacantes remotos inyectar texto arbitrario en la pantalla de inicio de sesión y, posiblemente, realizar ataques de phishing, a través de vectores relacionados con un URL que no está bien manejada.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-04-24 CVE Reserved
  • 2009-04-30 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Symantec
Search vendor "Symantec"
Antivirus
Search vendor "Symantec" for product "Antivirus"
10.1
Search vendor "Symantec" for product "Antivirus" and version "10.1"
corporate
Affected
Symantec
Search vendor "Symantec"
Antivirus
Search vendor "Symantec" for product "Antivirus"
10.1
Search vendor "Symantec" for product "Antivirus" and version "10.1"
maintenance_release7, corporate
Affected
Symantec
Search vendor "Symantec"
Antivirus
Search vendor "Symantec" for product "Antivirus"
10.2
Search vendor "Symantec" for product "Antivirus" and version "10.2"
corporate
Affected
Symantec
Search vendor "Symantec"
Antivirus
Search vendor "Symantec" for product "Antivirus"
10.2
Search vendor "Symantec" for product "Antivirus" and version "10.2"
maintenance_release1, corporate
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.1
Search vendor "Symantec" for product "Client Security" and version "3.1"
-
Affected
Symantec
Search vendor "Symantec"
Client Security
Search vendor "Symantec" for product "Client Security"
3.1
Search vendor "Symantec" for product "Client Security" and version "3.1"
maintenance_release7
Affected
Symantec
Search vendor "Symantec"
Endpoint Protection
Search vendor "Symantec" for product "Endpoint Protection"
11.0
Search vendor "Symantec" for product "Endpoint Protection" and version "11.0"
-
Affected
Symantec
Search vendor "Symantec"
Endpoint Protection
Search vendor "Symantec" for product "Endpoint Protection"
11.0
Search vendor "Symantec" for product "Endpoint Protection" and version "11.0"
maintenance_release1
Affected