CVE-2009-1432
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled.
Symantec Reporting Server, utilizado en Symantec AntiVirus (SAV) Corporate Edition v10.1 anterior a v10.1 MR8 y v10,2 antes de v10.2 MR2, Symantec Client Security (SCS), antes de v3.1 MR8, y el componente Symantec Endpoint Protection Manager (SEPM) en Symantec Endpoint Protection (SEP) anterior a v11.0 MR2, permite a atacantes remotos inyectar texto arbitrario en la pantalla de inicio de sesión y, posiblemente, realizar ataques de phishing, a través de vectores relacionados con un URL que no está bien manejada.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-04-24 CVE Reserved
- 2009-04-30 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/34856 | Third Party Advisory | |
http://secunia.com/advisories/34935 | Third Party Advisory | |
http://securitytracker.com/id?1022136 | Third Party Advisory | |
http://securitytracker.com/id?1022137 | Third Party Advisory | |
http://securitytracker.com/id?1022138 | Third Party Advisory | |
http://www.securityfocus.com/bid/34668 | Third Party Advisory | |
http://www.vupen.com/english/advisories/2009/1202 | Third Party Advisory | |
http://www.vupen.com/english/advisories/2009/1204 | Third Party Advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/50172 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Symantec Search vendor "Symantec" | Antivirus Search vendor "Symantec" for product "Antivirus" | 10.1 Search vendor "Symantec" for product "Antivirus" and version "10.1" | corporate |
Affected
| ||||||
Symantec Search vendor "Symantec" | Antivirus Search vendor "Symantec" for product "Antivirus" | 10.1 Search vendor "Symantec" for product "Antivirus" and version "10.1" | maintenance_release7, corporate |
Affected
| ||||||
Symantec Search vendor "Symantec" | Antivirus Search vendor "Symantec" for product "Antivirus" | 10.2 Search vendor "Symantec" for product "Antivirus" and version "10.2" | corporate |
Affected
| ||||||
Symantec Search vendor "Symantec" | Antivirus Search vendor "Symantec" for product "Antivirus" | 10.2 Search vendor "Symantec" for product "Antivirus" and version "10.2" | maintenance_release1, corporate |
Affected
| ||||||
Symantec Search vendor "Symantec" | Client Security Search vendor "Symantec" for product "Client Security" | 3.1 Search vendor "Symantec" for product "Client Security" and version "3.1" | - |
Affected
| ||||||
Symantec Search vendor "Symantec" | Client Security Search vendor "Symantec" for product "Client Security" | 3.1 Search vendor "Symantec" for product "Client Security" and version "3.1" | maintenance_release7 |
Affected
| ||||||
Symantec Search vendor "Symantec" | Endpoint Protection Search vendor "Symantec" for product "Endpoint Protection" | 11.0 Search vendor "Symantec" for product "Endpoint Protection" and version "11.0" | - |
Affected
| ||||||
Symantec Search vendor "Symantec" | Endpoint Protection Search vendor "Symantec" for product "Endpoint Protection" | 11.0 Search vendor "Symantec" for product "Endpoint Protection" and version "11.0" | maintenance_release1 |
Affected
|