Lucene search

[email protected]CVE-2011-0545

HistoryMar 28, 2011 - 4:55 p.m.

CVE-2011-0545

2011-03-2816:55:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2011-0545

csrf

symantec liveupdate administrator

security vulnerability

authentication hijacking

remote attack

7.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.7%

JSON

Cross-site request forgery (CSRF) vulnerability in adduser.do in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possibly have unspecified other impact, via the userRole parameter.

CPENameOperatorVersion
symantec:liveupdate_administratorsymantec liveupdate administratoreq2.2.2.9

CPE	Name	Operator	Version
symantec:liveupdate_administrator	symantec liveupdate administrator	eq	2.2.2.9

References

secunia.com/advisories/43820

securityreason.com/securityalert/8160

securitytracker.com/id?1025242

sotiriu.de/adv/NSOADV-2011-001.txt

www.exploit-db.com/exploits/17026

www.osvdb.org/71261

www.securityfocus.com/archive/1/517109/100/0/threaded

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110321_00

www.vupen.com/english/advisories/2011/0727

exchange.xforce.ibmcloud.com/vulnerabilities/66213

7.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.7%

JSON

Related for CVE-2011-0545

securityvulns2 seebug1 packetstorm1 prion2 symantec1 cve1 nessus1