CVE-2007-3021

3 documents3 sources

Severity

7.5HIGH

EPSS

1.0%

top 22.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Reporting Server Symantec Client Security Symantec Norton Antivirus

Timeline

PublishedJun 5

Latest updateMay 1

Description

Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDsymantec/reporting_server1.0.197.0

▶NVDsymantec/client_security5 versions+4

▶NVDsymantec/norton_antivirus5 versions+4

Patches

Patch: www.symantec.com ↗Patch: www.symantec.com ↗

🔴Vulnerability Details

GHSA

GHSA-j45j-wm3x-xr92: Symantec Reporting Server 1↗2022-05-01

▶

CVEList

CVE-2007-3021: Symantec Reporting Server 1↗2007-06-05

▶