Symantec System Center Reporting Server Remote Privilege Escalation Vulnerability

BID:24313

Info

Symantec System Center Reporting Server Remote Privilege Escalation Vulnerability

Bugtraq ID: 24313
Class: Access Validation Error
CVE: CVE-2007-3021
Remote: Yes
Local: No
Published: Jun 05 2007 12:00AM
Updated: Mar 13 2008 01:51AM
Credit: Ertunga Arsal of Tech Data GmbH & Co. OHG is credited with the discovery of this issue.
Vulnerable: Symantec Reporting Server 1.0.197.0
Symantec Client Security 3.1 .401
Symantec Client Security 3.1 .400
Symantec Client Security 3.1 .396
Symantec Client Security 3.1 .394
Symantec Client Security 3.1
Symantec AntiVirus Corporate Edition 10.1 .401
Symantec AntiVirus Corporate Edition 10.1 .400
Symantec AntiVirus Corporate Edition 10.1 .396
Symantec AntiVirus Corporate Edition 10.1 .394
Symantec AntiVirus Corporate Edition 10.1
Not Vulnerable: Symantec Reporting Server 1.0.224.0
Symantec Client Security 3.1.6.6000
Symantec AntiVirus Corporate Edition 10.1.6.6000

Discussion

Symantec System Center Reporting Server Remote Privilege Escalation Vulnerability

Symantec System Center Reporting Server is prone to a remote privilege-escalation vulnerability.

Attackers can exploit this issue to execute malicious code on an affected server and gain the privileges of the user running the server. Successful attacks will compromise the application and possibly the underlying computer.

Reporting Server is distributed with Symantec AntiVirus Corporate Edition 10.1 and later and Symantec Client Security 3.1 and later.

Versions prior to Reporting Server 1.0.224.0, AntiVirus Corporate Edition 10.1.6.6000, and Client Security 3.1.6.6000 are vulnerable.

Exploit / POC

Symantec System Center Reporting Server Remote Privilege Escalation Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Symantec System Center Reporting Server Remote Privilege Escalation Vulnerability

Solution:
Symantec has released an advisory and fixes to address this issue. Please see the references for more information.

References

Symantec System Center Reporting Server Remote Privilege Escalation Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report