CVE-2016-9092
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the management console with the privileges of an authenticated administrator user.
Las consolas de administración Content Analysis (CA) versiones 1.3, 2.x anteriores a 2.2.1.1 y Mail Threat Defense (MTD) versión 1.1 de Symantec, son susceptibles a una vulnerabilidad de tipo cross-site request forging (CSRF). Un atacante remoto puede usar phishing u otras técnicas de ingeniería social para acceder a la consola de administración con los privilegios de un usuario administrador autenticado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-10-28 CVE Reserved
- 2017-05-11 CVE Published
- 2024-07-12 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/104182 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.symantec.com/security-center/network-protection-security-advisories/SA149 | 2018-05-25 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Symantec Search vendor "Symantec" | Content Analysis Search vendor "Symantec" for product "Content Analysis" | 1.3 Search vendor "Symantec" for product "Content Analysis" and version "1.3" | - |
Affected
| ||||||
Symantec Search vendor "Symantec" | Content Analysis Search vendor "Symantec" for product "Content Analysis" | 2.1 Search vendor "Symantec" for product "Content Analysis" and version "2.1" | - |
Affected
| ||||||
Symantec Search vendor "Symantec" | Mail Threat Defense Search vendor "Symantec" for product "Mail Threat Defense" | 1.1 Search vendor "Symantec" for product "Mail Threat Defense" and version "1.1" | - |
Affected
|