CVE-2017-15531

CWE-287Improper Authentication3 documents3 sources
Severity
9.8CRITICAL
EPSS
2.8%
top 13.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Symantec ReporterSymantec Corporation Reporter
Timeline
PublishedJan 23
Latest updateMay 14

Description

Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDsymantec/reporter9.59.5.4.1+1
CVEListV5symantec_corporation/reporter10.x prior to 10.2, 9.5 prior to 9.5.4.1+1

🔴Vulnerability Details

2
GHSA
GHSA-fv7w-fx4g-v68c: Symantec Reporter 92022-05-14
CVEList
CVE-2017-15531: Symantec Reporter 92018-01-23
CVE-2017-15531 (CRITICAL CVSS 9.8) | Symantec Reporter 9.5 prior to 9.5. | cvebase.io