CVE-2006-3072

EPSS 0.08%
Published 19.06.2006 10:02:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

M4 Macro Library in Symantec Security Information Manager before 4.0.2.29 HOTFIX 1 allows local users to execute arbitrary commands via crafted "rule definitions", which produces dangerous Java code during M4 transformation.

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Symantec ≫ Security Information Manager Version4.0.2

Symantec ≫ Security Information Manager Version4.0.2.1

Symantec ≫ Security Information Manager Version4.0.2.2

Symantec ≫ Security Information Manager Version4.0.2.3

Symantec ≫ Security Information Manager Version4.0.2.4

Symantec ≫ Security Information Manager Version4.0.2.5

Symantec ≫ Security Information Manager Version4.0.2.6

Symantec ≫ Security Information Manager Version4.0.2.7

Symantec ≫ Security Information Manager Version4.0.2.8

Symantec ≫ Security Information Manager Version4.0.2.9

Symantec ≫ Security Information Manager Version4.0.2.10

Symantec ≫ Security Information Manager Version4.0.2.11

Symantec ≫ Security Information Manager Version4.0.2.12

Symantec ≫ Security Information Manager Version4.0.2.13

Symantec ≫ Security Information Manager Version4.0.2.14

Symantec ≫ Security Information Manager Version4.0.2.15

Symantec ≫ Security Information Manager Version4.0.2.16

Symantec ≫ Security Information Manager Version4.0.2.17

Symantec ≫ Security Information Manager Version4.0.2.18

Symantec ≫ Security Information Manager Version4.0.2.19

Symantec ≫ Security Information Manager Version4.0.2.20

Symantec ≫ Security Information Manager Version4.0.2.21

Symantec ≫ Security Information Manager Version4.0.2.22

Symantec ≫ Security Information Manager Version4.0.2.23

Symantec ≫ Security Information Manager Version4.0.2.24

Symantec ≫ Security Information Manager Version4.0.2.25

Symantec ≫ Security Information Manager Version4.0.2.26

Symantec ≫ Security Information Manager Version4.0.2.27

Symantec ≫ Security Information Manager Version4.0.2.28

Symantec ≫ Security Information Manager Version4.0.2.29

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.201

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/20647

Patch

Vendor Advisory

http://securityresponse.symantec.com/avcenter/security/Content/2006.06.13b.html

http://securitytracker.com/id?1016296

Patch

http://www.securityfocus.com/bid/18420

http://www.vupen.com/english/advisories/2006/2334

https://exchange.xforce.ibmcloud.com/vulnerabilities/27105

https://nvd.nist.gov/vuln/detail/CVE-2006-3072

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-3072

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-3072

EUVD