PT-2007-4315 · Symantec · Symantec Antivirus Corporate Edition+2
Published
2007-06-05
·
Updated
2017-07-29
·
CVE-2007-3022
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Symantec Reporting Server versions 1.0.197.0 through 1.0.223.0
Symantec Client Security versions 3.1 and later (affected versions not specified)
Symantec AntiVirus Corporate Edition (SAV CE) versions 10.1 and later (affected versions not specified)
Description:
The issue allows remote attackers to more easily conduct brute force attacks due to the display of a user's password hash after a failed login attempt.
Recommendations:
For Symantec Reporting Server versions 1.0.197.0 through 1.0.223.0, update to version 1.0.224.0 or later.
For Symantec Client Security and Symantec AntiVirus Corporate Edition, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Symantec Antivirus Corporate Edition
Symantec Client Security
Symantec Reporting Server