3 matches found
CVE-2007-3021
Symantec Reporting Server before 1.0.224.0 (used with SCS 3.1 and SAV CE 10.1+) fails to initialize a critical variable during data export, allowing an attacker to manipulate the exported file to create arbitrary executable files. This could lead to remote code execution in the web server context...
CVE-2007-3022
Symantec Reporting Server (versions affected: 1.0.197.0 up to 1.0.224.0), used with Symantec Client Security 3.1 and SAV CE 10.1, discloses the password hash for a user after a failed login. This plaintext-like disclosure enables brute-force attempts and could let an attacker gain access to the R...
CVE-2007-3095
The vulnerability CVE-2007-3095 affects Symantec Reporting Server versions prior to 1.0.224.0 (including 1.0.197.0) as used with Symantec Client Security 3.1+ and SAV CE 10.1+. The issue is an authentication bypass that allows an attacker to disable authentication and access restricted functional...