6.8

CVE-2011-0551

Cross-site request forgery (CSRF) vulnerability in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SymantecEndpoint Protection Version11.0.6000
SymantecEndpoint Protection Version11.0.6100
SymantecEndpoint Protection Version11.0.6200
SymantecEndpoint Protection Version11.0.6200.754
SymantecEndpoint Protection Version11.0.6300
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.64% 0.459
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://secunia.com/advisories/43662
Vendor Advisory
http://securitytracker.com/id?1025919
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110810_00
http://www.osvdb.org/74467
http://www.securityfocus.com/bid/49101