Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:symantec:security_analytics:7.2.3:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-30642 |
An input validation flaw in the Symantec Security Analytics web UI 7.2 prior 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges. Published: April 27, 2021; 11:15:07 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2018-12241 |
The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious JavaScript code into the SA web UI client application. Published: November 27, 2018; 1:29:01 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |