Sign-up

ID

VAR-200706-0313


CVE

CVE-2007-3095


TITLE

Symantec Client Security and SAV CE Used in etc. Symantec Reporting Server In " The authentication system is disabled " Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-005648

DESCRIPTION

Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to "disable the authentication system" and bypass authentication via unknown vectors. Symantec Reporting Server Is " The authentication system is disabled " There are vulnerabilities that prevent authentication.By the attacker, " The authentication system is disabled " , And authentication could be bypassed. Symantec Reporting Server is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to gain access to the reporting database

Trust: 1.98

sources: NVD: CVE-2007-3095 // JVNDB: JVNDB-2007-005648 // BID: 24325 // VULHUB: VHN-26457

AFFECTED PRODUCTS

vendor:symantecmodel:client securityscope:eqversion:3.1.401

Trust: 1.9

vendor:symantecmodel:client securityscope:eqversion:3.1.396

Trust: 1.9

vendor:symantecmodel:client securityscope:eqversion:3.1.394

Trust: 1.9

vendor:symantecmodel:client securityscope:eqversion:3.1

Trust: 1.9

vendor:symantecmodel:norton antivirusscope:eqversion:10.0.2.2021

Trust: 1.6

vendor:symantecmodel:norton antivirusscope:eqversion:10.1.401

Trust: 1.6

vendor:symantecmodel:norton antivirusscope:eqversion:10.1

Trust: 1.6

vendor:symantecmodel:norton antivirusscope:eqversion:10.1.400

Trust: 1.6

vendor:symantecmodel:norton antivirusscope:eqversion:10.1.396

Trust: 1.6

vendor:symantecmodel:client securityscope:eqversion:3.1.400

Trust: 1.3

vendor:symantecmodel:reporting serverscope:lteversion:1.0.197.0

Trust: 1.0

vendor:symantecmodel:reporting serverscope:eqversion:1.0.197.0

Trust: 0.9

vendor:symantecmodel:client securityscope:eqversion:3.1 and later

Trust: 0.8

vendor:symantecmodel:norton antivirusscope:eqversion:corporate edition (sav ce) 10.1 and later

Trust: 0.8

vendor:symantecmodel:reporting serverscope:ltversion:1.0.197.0 and 1.0.224.0

Trust: 0.8

vendor:symantecmodel:antivirus corporate editionscope:eqversion:10.1.401

Trust: 0.3

vendor:symantecmodel:antivirus corporate editionscope:eqversion:10.1.400

Trust: 0.3

vendor:symantecmodel:antivirus corporate editionscope:eqversion:10.1.396

Trust: 0.3

vendor:symantecmodel:antivirus corporate editionscope:eqversion:10.1.394

Trust: 0.3

vendor:symantecmodel:antivirus corporate editionscope:eqversion:10.1

Trust: 0.3

vendor:symantecmodel:reporting serverscope:neversion:1.0.224.0

Trust: 0.3

vendor:symantecmodel:client securityscope:neversion:3.1.6.6000

Trust: 0.3

vendor:symantecmodel:antivirus corporate editionscope:neversion:10.1.6.600

Trust: 0.3

sources: BID: 24325 // JVNDB: JVNDB-2007-005648 // CNNVD: CNNVD-200706-080 // NVD: CVE-2007-3095

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3095
value: HIGH

Trust: 1.0

NVD: CVE-2007-3095
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200706-080
value: CRITICAL

Trust: 0.6

VULHUB: VHN-26457
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-3095
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-26457
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-26457 // JVNDB: JVNDB-2007-005648 // CNNVD: CNNVD-200706-080 // NVD: CVE-2007-3095

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3095

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200706-080

TYPE

Design Error

Trust: 0.9

sources: BID: 24325 // CNNVD: CNNVD-200706-080

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-005648

PATCH
title:SYM07-011url:http://www.symantec.com/avcenter/security/Content/2007.06.05.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-005648

EXTERNAL IDS
db:NVDid:CVE-2007-3095
Trust: 2.8
db:BIDid:24325
Trust: 2.0
db:SECTRACKid:1018196
Trust: 1.7
db:VUPENid:ADV-2007-2074
Trust: 1.7
db:SECUNIAid:25543
Trust: 1.7
db:OSVDBid:36107
Trust: 1.7
db:JVNDBid:JVNDB-2007-005648
Trust: 0.8
db:XFid:34895
Trust: 0.6
db:CNNVDid:CNNVD-200706-080
Trust: 0.6
db:VULHUBid:VHN-26457
Trust: 0.1
sources:
            
            
            VULHUB: VHN-26457 // 
            
            
            
            BID: 24325 // 
            
            
            
            JVNDB: JVNDB-2007-005648 // 
            
            
            
            CNNVD: CNNVD-200706-080 // 
            
            
            
            NVD: CVE-2007-3095

REFERENCES
url:http://www.symantec.com/avcenter/security/content/2007.06.05.html
Trust: 2.0
url:http://www.securityfocus.com/bid/24325
Trust: 1.7
url:http://osvdb.org/36107
Trust: 1.7
url:http://www.securitytracker.com/id?1018196
Trust: 1.7
url:http://secunia.com/advisories/25543
Trust: 1.7
url:http://www.vupen.com/english/advisories/2007/2074
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/34895
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3095
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3095
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/34895
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2007/2074
Trust: 0.6
url:http://www.symantec.com/smb/products/overview.jsp?pcid=end_sec&pvid=scs31
Trust: 0.3
url:http://www.symantec.com/enterprise/products/sysreq.jsp?pcid=1322&pvid=805_1
Trust: 0.3
url:/archive/1/470606
Trust: 0.3
sources:
            
            
            VULHUB: VHN-26457 // 
            
            
            
            BID: 24325 // 
            
            
            
            JVNDB: JVNDB-2007-005648 // 
            
            
            
            CNNVD: CNNVD-200706-080 // 
            
            
            
            NVD: CVE-2007-3095

CREDITS
Symantec
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200706-080

SOURCES
db:VULHUBid:VHN-26457
db:BIDid:24325
db:JVNDBid:JVNDB-2007-005648
db:CNNVDid:CNNVD-200706-080
db:NVDid:CVE-2007-3095

LAST UPDATE DATE
2024-08-14T14:08:08.916000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-26457date:2017-07-29T00:00:00
db:BIDid:24325date:2015-05-07T17:37:00
db:JVNDBid:JVNDB-2007-005648date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200706-080date:2007-06-07T00:00:00
db:NVDid:CVE-2007-3095date:2017-07-29T01:31:58.440

SOURCES RELEASE DATE
db:VULHUBid:VHN-26457date:2007-06-06T00:00:00
db:BIDid:24325date:2007-06-05T00:00:00
db:JVNDBid:JVNDB-2007-005648date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200706-080date:2007-06-06T00:00:00
db:NVDid:CVE-2007-3095date:2007-06-06T22:30:00