PT-2021-18782 · Symantec · Symantec Security Analytics

Published

2021-04-27

Updated

2021-05-07

CVE-2021-30642

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Symantec Security Analytics versions 7.2 prior to 7.2.7 Symantec Security Analytics version 8.1 prior to 8.1.3-NSR3 Symantec Security Analytics version 8.2 prior to 8.2.1-NSR2 or 8.2.2

Description An input validation flaw in the web UI allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges.

Recommendations For version 7.2, update to 7.2.7 or later to resolve the issue. For version 8.1, update to 8.1.3-NSR3 or later to resolve the issue. For version 8.2, update to 8.2.1-NSR2, 8.2.2, or later to resolve the issue.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2021-30642

Affected Products

Symantec Security Analytics

PT-2021-18782 · Symantec · Symantec Security Analytics

CVE-2021-30642

Weakness Enumeration

Related Identifiers

Affected Products

References · 3