9.3
CVE-2011-0688
- EPSS 3.96%
- Veröffentlicht 31.01.2011 21:00:25
- Zuletzt bearbeitet 16.06.2026 23:27:53
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111. NOTE: some of these details are obtained from third party information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Symantec ≫ System Center Version10.0
Symantec ≫ System Center Version10.1
Symantec ≫ Antivirus Central Quarantine Server Version3.5
Symantec ≫ Antivirus Central Quarantine Server Version3.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.96% | 0.891 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://secunia.com/advisories/43099
http://www.securityfocus.com/bid/45936
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00
http://www.vupen.com/english/advisories/2011/0234
http://securitytracker.com/id?1024996
https://exchange.xforce.ibmcloud.com/vulnerabilities/65071