CVE-2011-0545

Name of the Vulnerable Software and Affected Versions Symantec LiveUpdate Administrator versions prior to 2.3

Description A cross-site request forgery issue affects the adduser.do endpoint, allowing remote attackers to hijack administrator authentication for creating new administrative accounts, potentially having other unspecified impacts. The userRole parameter is involved in this issue.

Recommendations For versions prior to 2.3, update to version 2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the adduser.do endpoint to minimize the risk of exploitation. Avoid using the userRole parameter in the affected endpoint until the issue is resolved.