CVE-2017-15531

Published: Jan 23, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.

Affected (2)

Products: Symantec: Reporter

Symantec

1 product

Reporter

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Symantec Reporter	From 9.5 to 9.5.4.1
Symantec Reporter	Version 10.1

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

http://www.securityfocus.com/bid/102751

Source: secure@symantec.com

Third Party AdvisoryVDB Entry

https://www.symantec.com/security-center/network-protection-security-advisories/SA158

Source: secure@symantec.com

Vendor Advisory

http://www.securityfocus.com/bid/102751

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.symantec.com/security-center/network-protection-security-advisories/SA158

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.