CVE-2011-0551

{"id": "CVE-2011-0551", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-08-15T19:55:03.657", "references": [{"url": "http://secunia.com/advisories/43662", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1025919", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/74467", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/49101", "source": "cve@mitre.org"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110810_00", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/43662", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1025919", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/74467", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/49101", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110810_00", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts."}, {"lang": "es", "value": "Vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Web Interface en el Endpoint Protection Manager en Symantec Endpoint Protection (SEP) v11.0.600x hasta v11.0.6300, permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores para las peticiones que crean cuentas administrativas."}], "lastModified": "2024-11-21T01:24:16.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.6000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74A97619-5D8B-4634-BFA6-F73285865823"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.6100:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CF5F84C-91C1-4395-B988-9F9E4F87D8B9"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.6200:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0C0EFA7-71FE-48C9-97D3-F414F49DB495"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.6200.754:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "142BCA40-386C-4498-BECB-22BC07B240DD"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.6300:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD725528-A19A-465E-B427-EF426104B7AF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}