Vulnerability Details CVE-2006-3072
M4 Macro Library in Symantec Security Information Manager before 4.0.2.29 HOTFIX 1 allows local users to execute arbitrary commands via crafted "rule definitions", which produces dangerous Java code during M4 transformation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.7%
CVSS Severity
CVSS v2 Score 4.6
References
- http://secunia.com/advisories/20647
- http://securityresponse.symantec.com/avcenter/security/Content/2006.06.13b.html
- http://securitytracker.com/id?1016296
- http://www.securityfocus.com/bid/18420
- http://www.vupen.com/english/advisories/2006/2334
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27105
- http://secunia.com/advisories/20647
- http://securityresponse.symantec.com/avcenter/security/Content/2006.06.13b.html
- http://securitytracker.com/id?1016296
- http://www.securityfocus.com/bid/18420
- http://www.vupen.com/english/advisories/2006/2334
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27105
Products affected by CVE-2006-3072
-
cpe:2.3:a:symantec:security_information_manager:4.0.2
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.1
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.10
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.11
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.12
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.13
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.14
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.15
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.16
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.17
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.18
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.19
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.2
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.20
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.21
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.22
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.23
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.24
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.25
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.26
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.27
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.28
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.29
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.3
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.4
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.5
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.6
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.7
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.8
-
cpe:2.3:a:symantec:security_information_manager:4.0.2.9