Rapid7 Vulnerability & Exploit Database

Symantec Endpoint Protection: Symantec Reporting Server Improper URL Handling Exposure (CVE-2009-1432)


Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 04/30/2009
Created: 11/22/2019
Added: 11/19/2019
Modified: 09/01/2021

Description

Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled.

Solution(s)

  • symantec-endpoint-protection-upgrade-11_0_2000_1567
