Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2011-1524
Last Modified 06 Feb 2013 11:43:15
Published 28 Mar 2011 02:55:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1524

Summary

Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different vulnerability than CVE-2011-0545.

Vulnerable Systems

Application

  • Symantec LiveUpdate Administrator 2.1.0
  • Symantec LiveUpdate Administrator 2.1.2
  • Symantec LiveUpdate Administrator 2.1.3
  • Symantec LiveUpdate Administrator 2.2.1
  • Symantec LiveUpdate Administrator 2.2.2
  • Symantec LiveUpdate Administrator 2.2.2.9


References

XF - symantec-lua-gui-csrf(66213)

VUPEN - ADV-2011-0727

CONFIRM - http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110321_00

BID - 46856

BUGTRAQ - 20110322 NSOADV-2011-001: Symantec LiveUpdate Administrator CSRF vulnerability

EXPLOIT-DB - 17026

MISC - http://sotiriu.de/adv/NSOADV-2011-001.txt

SECTRACK - 1025242

SREASON - 8166

CONFIRM - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110321_00


Last Updated: 27 May 2016 10:56:40