CVE-2011-0551

2011-08-1519:55:03

CWE-352

[email protected]

web.nvd.nist.gov

cve-2011-0551

csrf

vulnerability

symantec

endpoint protection

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.8%

JSON

Cross-site request forgery (CSRF) vulnerability in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

Affected configurations

NVD

Node

symantecendpoint_protectionMatch11.0.6000

symantecendpoint_protectionMatch11.0.6100

symantecendpoint_protectionMatch11.0.6200

symantecendpoint_protectionMatch11.0.6200.754

symantecendpoint_protectionMatch11.0.6300

CPENameOperatorVersion
symantec:endpoint_protectionsymantec endpoint protectioneq11.0.6000
symantec:endpoint_protectionsymantec endpoint protectioneq11.0.6100
symantec:endpoint_protectionsymantec endpoint protectioneq11.0.6200
symantec:endpoint_protectionsymantec endpoint protectioneq11.0.6200.754
symantec:endpoint_protectionsymantec endpoint protectioneq11.0.6300

CPE	Name	Operator	Version
symantec:endpoint_protection	symantec endpoint protection	eq	11.0.6000
symantec:endpoint_protection	symantec endpoint protection	eq	11.0.6100
symantec:endpoint_protection	symantec endpoint protection	eq	11.0.6200
symantec:endpoint_protection	symantec endpoint protection	eq	11.0.6200.754
symantec:endpoint_protection	symantec endpoint protection	eq	11.0.6300