Vulnerability Details CVE-2007-3022
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 73.9%
CVSS Severity
CVSS v2 Score 4.3
References
- http://osvdb.org/36108
- http://secunia.com/advisories/25543
- http://www.securityfocus.com/bid/24312
- http://www.securitytracker.com/id?1018196
- http://www.symantec.com/avcenter/security/Content/2007.06.05.html
- http://www.vupen.com/english/advisories/2007/2074
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34740
- http://osvdb.org/36108
- http://secunia.com/advisories/25543
- http://www.securityfocus.com/bid/24312
- http://www.securitytracker.com/id?1018196
- http://www.symantec.com/avcenter/security/Content/2007.06.05.html
- http://www.vupen.com/english/advisories/2007/2074
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34740
Products affected by CVE-2007-3022
-
cpe:2.3:a:symantec:client_security:3.1
-
cpe:2.3:a:symantec:client_security:3.1.394
-
cpe:2.3:a:symantec:client_security:3.1.396
-
cpe:2.3:a:symantec:client_security:3.1.400
-
cpe:2.3:a:symantec:client_security:3.1.401
-
cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021
-
cpe:2.3:a:symantec:norton_antivirus:10.1
-
cpe:2.3:a:symantec:norton_antivirus:10.1.396
-
cpe:2.3:a:symantec:norton_antivirus:10.1.400
-
cpe:2.3:a:symantec:norton_antivirus:10.1.401
-
cpe:2.3:a:symantec:reporting_server:-
-
cpe:2.3:a:symantec:reporting_server:1.0.197.0