AI Score: 7.5 High (Confidence: Low)

CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.01 Low (Percentile: 83.7%)

Cross-site request forgery (CSRF) vulnerability in adduser.do in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possibly have unspecified other impact, via the userRole parameter.
CPE | Name | Operator | Version |
---|---|---|---|
symantec:liveupdate_administrator | symantec liveupdate administrator | eq | 2.2.2.9 |
secunia.com/advisories/43820
securityreason.com/securityalert/8160
securitytracker.com/id?1025242
sotiriu.de/adv/NSOADV-2011-001.txt
www.exploit-db.com/exploits/17026
www.osvdb.org/71261
www.securityfocus.com/archive/1/517109/100/0/threaded
www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110321_00
www.vupen.com/english/advisories/2011/0727
exchange.xforce.ibmcloud.com/vulnerabilities/66213