10

CVE-2011-3478

EPSS 52.9%
Published 25.01.2012 15:55:01
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Symantec ≫ Pcanywhere Version12.5

Symantec ≫ Pcanywhere Version12.5 Updatesp1

Symantec ≫ Pcanywhere Version12.5 Updatesp2

Symantec ≫ Pcanywhere Version12.5 Updatesp3

Symantec ≫ Pcanywhere Version12.5.539

Symantec ≫ Pcanywhere Version12.6.65

Symantec ≫ Pcanywhere Version12.6.65 Updatesp1

Symantec ≫ Pcanywhere Version12.6.7580

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	52.9%	0.979

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://osvdb.org/show/osvdb/78532

http://secunia.com/advisories/48092

http://www.securityfocus.com/bid/51592

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-12-018/

https://www.exploit-db.com/exploits/38599/

https://nvd.nist.gov/vuln/detail/CVE-2011-3478

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-3478

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-3478

EUVD