CVE-2019-12753

EPSS 0.35%
Published 30.08.2019 09:15:18
Last modified 21.11.2024 04:23:30
Source secure@symantec.com
Teams watchlist Login
Open Login

An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users.

Affected products Warnungen 0 Metrics 3 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Symantec ≫ Reporter Version >= 10.3 < 10.3.2.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.35%	0.544

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

https://support.symantec.com/us/en/article.SYMSA1489.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-12753

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-12753

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-12753

EUVD