CVE-2009-1432
Summary
| CVE | CVE-2009-1432 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-04-30 20:30:00 UTC |
| Updated | 2019-07-26 14:02:00 UTC |
| Description | Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Symantec | Antivirus | 10.1 | - | All | All |
| Application | Symantec | Antivirus | 10.1 | maintenance_release7 | All | All |
| Application | Symantec | Antivirus | 10.2 | - | All | All |
| Application | Symantec | Antivirus | 10.2 | maintenance_release1 | All | All |
| Application | Symantec | Client Security | 3.1 | - | All | All |
| Application | Symantec | Client Security | 3.1 | maintenance_release7 | All | All |
| Application | Symantec | Endpoint Protection | 11.0 | - | All | All |
| Application | Symantec | Endpoint Protection | 11.0 | maintenance_release1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Symantec Reporting Server URL Handling Phishing Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Webmail: Professional email solution - OVHcloud - OVH | VUPEN | www.vupen.com | Third Party Advisory |
| SecurityTracker.com Archives - Symantec Client Security Bug in Reporting Server Lets Remote Users Display Arbitrary Messages | SECTRACK | securitytracker.com | Third Party Advisory, VDB Entry |
| Symantec Products Alert Management System 2 Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Third Party Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | Third Party Advisory, VDB Entry |
| Security Updates Detail | CONFIRM | www.symantec.com | Vendor Advisory |
| Symantec Products Reporting Server URL Handling Weakness - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Third Party Advisory |
| SecurityTracker.com Archives - Symantec Anti Virus Corporate Edition Bug in Reporting Server Lets Remote Users Display Arbitrary Messages | SECTRACK | securitytracker.com | Third Party Advisory, VDB Entry |
| Symantec Endpoint Protection Bug in Reporting Server Lets Remote Users Display Arbitrary Messages - SecurityTracker | SECTRACK | securitytracker.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.