Lucene search

[email protected]CVE-2018-12244

HistoryApr 25, 2019 - 7:29 p.m.

CVE-2018-12244

2019-04-2519:29:00

CWE-1236

[email protected]

web.nvd.nist.gov

cve-2018-12244

sep

mac client

vulnerability

csv

dde injection

formula injection

nvd

information security

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.3%

JSON

SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.

Affected configurations

NVD

Node

symantecendpoint_protectionMatch11.0macos

symantecendpoint_protectionMatch11.0mr1macos

symantecendpoint_protectionMatch11.0mr2macos

symantecendpoint_protectionMatch11.0mr3macos

symantecendpoint_protectionMatch11.0mr4macos

symantecendpoint_protectionMatch11.0mr4-mp2macos

symantecendpoint_protectionMatch11.0ru5macos

symantecendpoint_protectionMatch11.0ru6macos

symantecendpoint_protectionMatch11.0ru6-mp1macos

symantecendpoint_protectionMatch11.0ru6-mp2macos

symantecendpoint_protectionMatch11.0ru6-mp3macos

symantecendpoint_protectionMatch11.0ru6amacos

symantecendpoint_protectionMatch11.0ru7macos

symantecendpoint_protectionMatch11.0ru7-mp1macos

symantecendpoint_protectionMatch11.0ru7-mp2macos

symantecendpoint_protectionMatch11.0ru7-mp4macos

symantecendpoint_protectionMatch11.0ru7-mp4amacos

symantecendpoint_protectionMatch11.0ry7-mp3macos

symantecendpoint_protectionMatch12.1macos

symantecendpoint_protectionMatch12.1ru1macos

symantecendpoint_protectionMatch12.1ru1-mp1macos

symantecendpoint_protectionMatch12.1ru2macos

symantecendpoint_protectionMatch12.1ru2-mp1macos

symantecendpoint_protectionMatch12.1ru3macos

symantecendpoint_protectionMatch12.1ru4macos

symantecendpoint_protectionMatch12.1ru4-mp1macos

symantecendpoint_protectionMatch12.1ru4-mp1amacos

symantecendpoint_protectionMatch12.1ru4-mp1bmacos

symantecendpoint_protectionMatch12.1ru4amacos

symantecendpoint_protectionMatch12.1ru5macos

symantecendpoint_protectionMatch12.1ru6macos

symantecendpoint_protectionMatch12.1ru6-mp1mac_os_x

symantecendpoint_protectionMatch12.1ru6-mp10macos

symantecendpoint_protectionMatch12.1ru6-mp2macos

symantecendpoint_protectionMatch12.1ru6-mp3mac_os_x

symantecendpoint_protectionMatch12.1ru6-mp4macos

symantecendpoint_protectionMatch12.1ru6-mp5mac_os_x

symantecendpoint_protectionMatch12.1ru6-mp6macos

symantecendpoint_protectionMatch12.1ru6-mp7macos

symantecendpoint_protectionMatch12.1ru6-mp8macos

symantecendpoint_protectionMatch14macos

symantecendpoint_protectionMatch14mp1macos

symantecendpoint_protectionMatch14.0.0mp2macos

symantecendpoint_protectionMatch14.0.1macos

symantecendpoint_protectionMatch14.0.1mp1macos

symantecendpoint_protectionMatch14.0.1mp2macos

symantecendpoint_protectionMatch14.2macos

symantecendpoint_protectionMatch14.2mp1macos

CPENameOperatorVersion
symantec:endpoint_protectionsymantec endpoint protectioneq11.0
symantec:endpoint_protectionsymantec endpoint protectioneq12.1
symantec:endpoint_protectionsymantec endpoint protectioneq14
symantec:endpoint_protectionsymantec endpoint protectioneq14.0.0
symantec:endpoint_protectionsymantec endpoint protectioneq14.0.1
symantec:endpoint_protectionsymantec endpoint protectioneq14.2

CPE	Name	Operator	Version
symantec:endpoint_protection	symantec endpoint protection	eq	11.0
symantec:endpoint_protection	symantec endpoint protection	eq	12.1
symantec:endpoint_protection	symantec endpoint protection	eq	14
symantec:endpoint_protection	symantec endpoint protection	eq	14.0.0
symantec:endpoint_protection	symantec endpoint protection	eq	14.0.1
symantec:endpoint_protection	symantec endpoint protection	eq	14.2

CNA Affected

[
  {
    "product": "Symantec Endpoint Protection (Mac Client)",
    "vendor": "Symantec Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to and including 12.1 RU6 MP9"
      },
      {
        "status": "affected",
        "version": "Prior to 14.2 RU1"
      }
    ]
  }
]

References

support.symantec.com/en_US/article.SYMSA1479.html

www.securityfocus.com/bid/107999

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.3%

JSON

Related for CVE-2018-12244

prion1 nvd1 cvelist1