Lucene search

[email protected]CVE-2007-3022

HistoryJun 05, 2007 - 9:30 p.m.

CVE-2007-3022

2007-06-0521:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

symantec

reporting server

cve-2007-3022

password hash disclosure

security vulnerability

6.8 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.029 Low

EPSS

Percentile

90.6%

JSON

Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.

CPENameOperatorVersion
symantec:norton_antivirussymantec norton antiviruseq10.1
symantec:norton_antivirussymantec norton antiviruseq10.1.400
symantec:norton_antivirussymantec norton antiviruseq10.1.401
symantec:client_securitysymantec client securityeq3.1.396
symantec:norton_antivirussymantec norton antiviruseq10.1.396
symantec:client_securitysymantec client securityeq3.1.401
symantec:client_securitysymantec client securityeq3.1.400
symantec:reporting_serversymantec reporting serverle1.0.197.0
symantec:client_securitysymantec client securityeq3.1
symantec:client_securitysymantec client securityeq3.1.394

CPE	Name	Operator	Version
symantec:norton_antivirus	symantec norton antivirus	eq	10.1
symantec:norton_antivirus	symantec norton antivirus	eq	10.1.400
symantec:norton_antivirus	symantec norton antivirus	eq	10.1.401
symantec:client_security	symantec client security	eq	3.1.396
symantec:norton_antivirus	symantec norton antivirus	eq	10.1.396
symantec:client_security	symantec client security	eq	3.1.401
symantec:client_security	symantec client security	eq	3.1.400
symantec:reporting_server	symantec reporting server	le	1.0.197.0
symantec:client_security	symantec client security	eq	3.1
symantec:client_security	symantec client security	eq	3.1.394

Rows per page:

1-10 of 111

References

osvdb.org/36108

secunia.com/advisories/25543

www.securityfocus.com/bid/24312

www.securitytracker.com/id?1018196

www.symantec.com/avcenter/security/Content/2007.06.05.html

www.vupen.com/english/advisories/2007/2074

exchange.xforce.ibmcloud.com/vulnerabilities/34740

6.8 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.029 Low

EPSS

Percentile

90.6%

JSON

Related for CVE-2007-3022

prion1 securityvulns3 symantec1 nessus1