PT-2018-11070 · Symantec · Symantec Security Analytics

Published

2018-11-27

Updated

2019-02-11

CVE-2018-12241

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Symantec Security Analytics (SA) versions prior to 7.3.4

Description The issue allows a remote attacker to craft a malicious URL for the SA web UI, targeting users with phishing attacks or social engineering techniques. A successful attack enables injecting malicious JavaScript code into the SA web UI client application.

Recommendations For Symantec Security Analytics (SA) versions prior to 7.3.4, update to version 7.3.4 or later to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-12241

Affected Products

Symantec Security Analytics

PT-2018-11070 · Symantec · Symantec Security Analytics

CVE-2018-12241

Weakness Enumeration

Related Identifiers

Affected Products

References · 4