Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-3030

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-3030
Last Modified 06 Feb 2013 11:21:28
Published 15 Oct 2009 06:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-3030

Summary

Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an error message in a response, related to an "HTML Injection issue."

Vulnerable Systems

Application

  • Symantec Securityexpressions Audit And Compliance Server 4.1

  • Symantec Securityexpressions Audit And Compliance Server 4.1.1


References

CONFIRM - http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091006_00

BID - 36571

XF - securityexpressions-error-response-xss(53669)

VUPEN - ADV-2009-2849

OSVDB - 58650

SECTRACK - 1022989

SECUNIA - 36972

CONFIRM - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091006_00


Last Updated: 27 May 2016 10:51:50