CVE-2011-0551
Published Aug 15, 2011
Last updated 12 years ago
Overview
- Description
- Cross-site request forgery (CSRF) vulnerability in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-352
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.6000:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "74A97619-5D8B-4634-BFA6-F73285865823"
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.6100:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1CF5F84C-91C1-4395-B988-9F9E4F87D8B9"
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.6200:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0C0EFA7-71FE-48C9-97D3-F414F49DB495"
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.6200.754:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "142BCA40-386C-4498-BECB-22BC07B240DD"
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.6300:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD725528-A19A-465E-B427-EF426104B7AF"
}
],
"operator": "OR"
}
]
}
]