Rapid7 Vulnerability & Exploit Database

Symantec Endpoint Protection: Symantec Reporting Server Improper URL Handling Exposure (CVE-2009-1432)

Back to Search

Symantec Endpoint Protection: Symantec Reporting Server Improper URL Handling Exposure (CVE-2009-1432)

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
04/30/2009
Created
11/22/2019
Added
11/19/2019
Modified
09/01/2021

Description

Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled.

Solution(s)

  • symantec-endpoint-protection-upgrade-11_0_2000_1567

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;