cvelistv5 - CVE-2007-3021

CVE-2007-3021

Vulnerability from cvelistv5

Published

2007-06-05 21:00

Modified

2024-08-07 13:57

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/36109
cve@mitre.org	http://secunia.com/advisories/25543
cve@mitre.org	http://www.securityfocus.com/bid/24313
cve@mitre.org	http://www.securitytracker.com/id?1018196
cve@mitre.org	http://www.symantec.com/avcenter/security/Content/2007.06.05a.html	Patch, Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2074
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/34744
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/36109
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25543
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24313
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018196
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/avcenter/security/Content/2007.06.05a.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2074
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34744

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:57:54.930Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html"
          },
          {
            "name": "24313",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24313"
          },
          {
            "name": "36109",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/36109"
          },
          {
            "name": "1018196",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018196"
          },
          {
            "name": "ADV-2007-2074",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2074"
          },
          {
            "name": "symantec-reporting-code-execution(34744)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34744"
          },
          {
            "name": "25543",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25543"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html"
        },
        {
          "name": "24313",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24313"
        },
        {
          "name": "36109",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/36109"
        },
        {
          "name": "1018196",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018196"
        },
        {
          "name": "ADV-2007-2074",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2074"
        },
        {
          "name": "symantec-reporting-code-execution(34744)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34744"
        },
        {
          "name": "25543",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25543"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3021",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html",
              "refsource": "CONFIRM",
              "url": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html"
            },
            {
              "name": "24313",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24313"
            },
            {
              "name": "36109",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/36109"
            },
            {
              "name": "1018196",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018196"
            },
            {
              "name": "ADV-2007-2074",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2074"
            },
            {
              "name": "symantec-reporting-code-execution(34744)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34744"
            },
            {
              "name": "25543",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25543"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3021",
    "datePublished": "2007-06-05T21:00:00",
    "dateReserved": "2007-06-04T00:00:00",
    "dateUpdated": "2024-08-07T13:57:54.930Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-3021\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-06-05T21:30:00.000\",\"lastModified\":\"2024-11-21T00:32:12.873\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.\"},{\"lang\":\"es\",\"value\":\"Symantec Reporting Server 1.0.197.0, y otras versiones anteriores a 1.0.224.0, como se usan en Symantec Client Security 3.1 y posteriores, y Symantec AntiVirus Corporate Edition (SAV CE) 10.1 y posteriores, no inicializa una variable cr\u00edtica, lo cual permite a los atacantes crear archivos ejecutables de su elecci\u00f3n mediante manipulaciones desconocidas de un archivo que se crea durante la exportaci\u00f3n de datos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D24019B-20F0-4B4D-86A5-9409698E6216\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.1.394:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6090F86-0B42-403F-9996-9B7670EBAA5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.1.396:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3706E76-FC65-467E-8D09-A9EAC32E9BBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.1.400:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF555313-BB5A-4D8A-A3A1-609ABC39F6FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.1.401:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC74372F-329A-4597-810B-88B865771C9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021:*:corporate:*:*:*:*:*\",\"matchCriteriaId\":\"4D3CBEF5-25C6-41E8-97A3-2AA43134E619\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:10.1:*:corporate:*:*:*:*:*\",\"matchCriteriaId\":\"81AE594C-41ED-4FE8-839D-B604AE8DC901\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:10.1.396:*:corporate:*:*:*:*:*\",\"matchCriteriaId\":\"4AB33BC0-813C-4944-9835-A1F62614CC97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:10.1.400:*:corporate:*:*:*:*:*\",\"matchCriteriaId\":\"423C4F6C-4D87-4604-9122-02E2F06FAFB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:10.1.401:*:corporate:*:*:*:*:*\",\"matchCriteriaId\":\"60BBE26A-E648-440F-9F08-AA7DD62D6C11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:reporting_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.197.0\",\"matchCriteriaId\":\"953B6B3E-C3B9-40E6-95E6-911FFEA9A184\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/36109\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25543\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/24313\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1018196\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.symantec.com/avcenter/security/Content/2007.06.05a.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2074\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34744\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/36109\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25543\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/24313\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018196\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.symantec.com/avcenter/security/Content/2007.06.05a.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2074\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34744\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-j45j-wm3x-xr92

Vulnerability from github

Published

2022-05-01 18:09

Modified

2022-05-01 18:09

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-3021"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-06-05T21:30:00Z",
    "severity": "HIGH"
  },
  "details": "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.",
  "id": "GHSA-j45j-wm3x-xr92",
  "modified": "2022-05-01T18:09:43Z",
  "published": "2022-05-01T18:09:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3021"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34744"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/36109"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25543"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/24313"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018196"
    },
    {
      "type": "WEB",
      "url": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2074"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export. Symantec System Center Reporting Server is prone to a remote privilege-escalation vulnerability. Attackers can exploit this issue to execute malicious code on an affected server and gain the privileges of the user running the server. Successful attacks will compromise the application and possibly the underlying computer. SYM07-012 Symantec Reporting Server Elevation of Privilege

June 5, 2007

Risk Impact Medium

Remote Access: Yes Local Access: Yes Authentication Required: No Exploit available: No

Overview Files created by a Reporting Server may be accessible to an unauthorized user. The error occurred due to the improper initialization of a variable, and updates have been released to correct the problem. Individual client systems are not affected.

Symantec is not aware of any customers impacted by this issue, or of any attempts to exploit the issue. However, we recommend that customers update Reporting Server immediately to protect against possible attempts to exploit this issue.
- Ensure that the SCS Console and Reporting Server interface are never visible external to the network. This greatly reduces opportunities for unauthorized remote access. - User accounts for Reporting Server should be unique, and different from the user\x92s network login account.
- Delete exported data files which are no longer needed.

Credit Symantec would like to thank Ertunga Arsal of Tech Data GmbH & Co. OHG for reporting this issue, and coordinating with us on the response.

CVE This issue is a candidate for inclusion in the Common Vulnerabilities and Exposures (CVE) list (http://cve.mitre.org), which standardizes names for security problems. The CVE initiative has assigned CVE-2007-3021 to this issue

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Symantec Product Security Team

Symantec takes the security and proper functionality of its products very seriously. As founding members of the Organization for Internet Safety (OISafety), Symantec follows the principles of responsible disclosure. Symantec also subscribes to the vulnerability guidelines outlined by the National Infrastructure Advisory Council (NIAC). Please contact secure@symantec.com if you feel you have discovered a potential or actual security issue with a Symantec product.

-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060)

iQEVAwUBRmW5bf9Lqygkbb6BAQjVQQf7BjFMagCcjl+kkYiEEcphatUuDi1sDZ+h r2eRvO+8RbCzNoGWuBFiK9ExIhhQNRTDCkvceDcFFOBtKVv7wg/LGw935O8P7+PK lsdT+UEdCFqyUu+mteYARW4uQ9b17luDoxU2cEa6iZ9qS/6uzLEAkNQXo0Tm2PlT elYjlv5m13FSbAd+KfRh94XRguxrKZ/i8KxzsS8E0RvmADW+mjYbNv1rRT5C3AGr Kl7f3c07U4+DfISxDcAVjZwgK6lA42qLih8M2iC4P2bQJ1Ml3Uukxnt1EOLFBNo2 5UXMaAZ7lSK7l+ZIg1q57h5tsXOp9FQQaN7rSk2ObEvGoGheK3wiww== =CXAH -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200706-0270",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "symantec",
        "version": "3.1.401"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "symantec",
        "version": "3.1.400"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "symantec",
        "version": "3.1.396"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "symantec",
        "version": "3.1"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10.0.2.2021"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10.1.401"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10.1"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10.1.400"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10.1.396"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "3.1.394"
      },
      {
        "model": "reporting server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "1.0.197.0"
      },
      {
        "model": "reporting server",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "symantec",
        "version": "1.0.197.0"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "3.1 and later"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "corporate edition (sav ce) 10.1 and later"
      },
      {
        "model": "reporting server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "1.0.197.0 and  1.0.224.0"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.1.401"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.1.400"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.1.396"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.1.394"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.1"
      },
      {
        "model": "reporting server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.0.224.0"
      },
      {
        "model": "client security",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.1.6.6000"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.1.6.6000"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "24313"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005636"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-048"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3021"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:client_security",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:norton_antivirus",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:reporting_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005636"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ertunga Arsal",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "57065"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-048"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2007-3021",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2007-3021",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-26383",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-3021",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-3021",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200706-048",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-26383",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26383"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005636"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-048"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3021"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export. Symantec System Center Reporting Server is prone to a remote privilege-escalation vulnerability. \nAttackers can exploit this issue to execute malicious code on an affected server and gain the privileges of the user running the server. Successful attacks will compromise the application and possibly the underlying computer. SYM07-012 Symantec Reporting Server Elevation of Privilege\n\nJune 5, 2007 \n\nRisk Impact\nMedium     \n\nRemote Access: Yes\nLocal Access: Yes\nAuthentication Required: No\nExploit available:  No\n\nOverview\nFiles created by a Reporting Server may be accessible to an unauthorized user.   The error occurred due to the improper initialization of a variable, and updates have been released to correct the problem. Individual client systems are not affected. \n\nSymantec is not aware of any customers impacted by this issue, or of any attempts to exploit the issue.  However, we recommend that customers update Reporting Server immediately to protect against possible attempts to exploit this issue.  \n - Ensure that the SCS Console and Reporting Server interface are never visible external to the network.  This greatly reduces opportunities for unauthorized remote access. \n- User accounts for Reporting Server should be unique, and different from the user\\x92s network login account.  \n- Delete exported data files which are no longer needed.  \n\n\nCredit\nSymantec would like to thank Ertunga Arsal of Tech Data GmbH \u0026 Co. OHG for reporting this issue, and coordinating with us on the response.  \n\nCVE\nThis issue is a candidate for inclusion in the Common Vulnerabilities and Exposures (CVE) list (http://cve.mitre.org), which standardizes names for security problems.   The CVE initiative has assigned CVE-2007-3021 to this issue\n\n\n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nSymantec Product Security Team\n\n________________________________________\nSymantec takes the security and proper functionality of its products very\nseriously. As founding members of the \nOrganization for Internet Safety (OISafety), Symantec follows the\nprinciples of responsible disclosure. Symantec also \nsubscribes to the vulnerability guidelines outlined by the National\nInfrastructure Advisory Council (NIAC). Please contact \nsecure@symantec.com if you feel you have discovered a potential or actual\nsecurity issue with a Symantec product. \n________________________________________\nCopyright (c) 2007 by Symantec Corp. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 9.0.6 (Build 6060)\n\niQEVAwUBRmW5bf9Lqygkbb6BAQjVQQf7BjFMagCcjl+kkYiEEcphatUuDi1sDZ+h\nr2eRvO+8RbCzNoGWuBFiK9ExIhhQNRTDCkvceDcFFOBtKVv7wg/LGw935O8P7+PK\nlsdT+UEdCFqyUu+mteYARW4uQ9b17luDoxU2cEa6iZ9qS/6uzLEAkNQXo0Tm2PlT\nelYjlv5m13FSbAd+KfRh94XRguxrKZ/i8KxzsS8E0RvmADW+mjYbNv1rRT5C3AGr\nKl7f3c07U4+DfISxDcAVjZwgK6lA42qLih8M2iC4P2bQJ1Ml3Uukxnt1EOLFBNo2\n5UXMaAZ7lSK7l+ZIg1q57h5tsXOp9FQQaN7rSk2ObEvGoGheK3wiww==\n=CXAH\n-----END PGP SIGNATURE-----\n\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3021"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005636"
      },
      {
        "db": "BID",
        "id": "24313"
      },
      {
        "db": "VULHUB",
        "id": "VHN-26383"
      },
      {
        "db": "PACKETSTORM",
        "id": "57065"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-26383",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26383"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-3021",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "24313",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1018196",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "25543",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2074",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "36109",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005636",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-048",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "34744",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "57065",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-26383",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26383"
      },
      {
        "db": "BID",
        "id": "24313"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005636"
      },
      {
        "db": "PACKETSTORM",
        "id": "57065"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-048"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3021"
      }
    ]
  },
  "id": "VAR-200706-0270",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26383"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:36:13.732000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYM07-012",
        "trust": 0.8,
        "url": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005636"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3021"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.symantec.com/avcenter/security/content/2007.06.05a.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/24313"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1018196"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/25543"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/36109"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/2074"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34744"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3021"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3021"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/34744"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/2074"
      },
      {
        "trust": 0.3,
        "url": "https://fileconnect.symantec.com/licenselogin.jsp"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/470603"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org),"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3021"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26383"
      },
      {
        "db": "BID",
        "id": "24313"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005636"
      },
      {
        "db": "PACKETSTORM",
        "id": "57065"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-048"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3021"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-26383"
      },
      {
        "db": "BID",
        "id": "24313"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005636"
      },
      {
        "db": "PACKETSTORM",
        "id": "57065"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-048"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3021"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-06-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-26383"
      },
      {
        "date": "2007-06-05T00:00:00",
        "db": "BID",
        "id": "24313"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-005636"
      },
      {
        "date": "2007-06-07T06:06:31",
        "db": "PACKETSTORM",
        "id": "57065"
      },
      {
        "date": "2007-06-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200706-048"
      },
      {
        "date": "2007-06-05T21:30:00",
        "db": "NVD",
        "id": "CVE-2007-3021"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-26383"
      },
      {
        "date": "2008-03-13T01:51:00",
        "db": "BID",
        "id": "24313"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-005636"
      },
      {
        "date": "2007-06-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200706-048"
      },
      {
        "date": "2024-11-21T00:32:12.873000",
        "db": "NVD",
        "id": "CVE-2007-3021"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-048"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Client Security and  SAV CE Used in etc.  Symantec Reporting Server Vulnerable to creating arbitrary executable files",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005636"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access verification error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-048"
      }
    ],
    "trust": 0.6
  }
}

gsd-2007-3021

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-3021

Aliases

CVE-2007-3021

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-3021",
    "description": "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.",
    "id": "GSD-2007-3021"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-3021"
      ],
      "details": "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.",
      "id": "GSD-2007-3021",
      "modified": "2023-12-13T01:21:42.525350Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-3021",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html",
            "refsource": "CONFIRM",
            "url": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html"
          },
          {
            "name": "24313",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/24313"
          },
          {
            "name": "36109",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/36109"
          },
          {
            "name": "1018196",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018196"
          },
          {
            "name": "ADV-2007-2074",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2074"
          },
          {
            "name": "symantec-reporting-code-execution(34744)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34744"
          },
          {
            "name": "25543",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25543"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.394:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.396:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.1:*:corporate:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:reporting_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.197.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.1.400:*:corporate:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.1.401:*:corporate:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.400:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.401:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021:*:corporate:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.1.396:*:corporate:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3021"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html"
            },
            {
              "name": "24313",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/24313"
            },
            {
              "name": "1018196",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018196"
            },
            {
              "name": "25543",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25543"
            },
            {
              "name": "ADV-2007-2074",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2074"
            },
            {
              "name": "36109",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/36109"
            },
            {
              "name": "symantec-reporting-code-execution(34744)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34744"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-29T01:31Z",
      "publishedDate": "2007-06-05T21:30Z"
    }
  }
}

fkie_cve-2007-3021

Vulnerability from fkie_nvd

Published

2007-06-05 21:30

Modified

2024-11-21 00:32

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/36109
cve@mitre.org	http://secunia.com/advisories/25543
cve@mitre.org	http://www.securityfocus.com/bid/24313
cve@mitre.org	http://www.securitytracker.com/id?1018196
cve@mitre.org	http://www.symantec.com/avcenter/security/Content/2007.06.05a.html	Patch, Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2074
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/34744
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/36109
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25543
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24313
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018196
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/avcenter/security/Content/2007.06.05a.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2074
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34744

Impacted products

Vendor	Product	Version
symantec	client_security	3.1
symantec	client_security	3.1.394
symantec	client_security	3.1.396
symantec	client_security	3.1.400
symantec	client_security	3.1.401
symantec	norton_antivirus	10.0.2.2021
symantec	norton_antivirus	10.1
symantec	norton_antivirus	10.1.396
symantec	norton_antivirus	10.1.400
symantec	norton_antivirus	10.1.401
symantec	reporting_server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D24019B-20F0-4B4D-86A5-9409698E6216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.1.394:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6090F86-0B42-403F-9996-9B7670EBAA5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.1.396:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3706E76-FC65-467E-8D09-A9EAC32E9BBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.1.400:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF555313-BB5A-4D8A-A3A1-609ABC39F6FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.1.401:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC74372F-329A-4597-810B-88B865771C9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021:*:corporate:*:*:*:*:*",
              "matchCriteriaId": "4D3CBEF5-25C6-41E8-97A3-2AA43134E619",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1:*:corporate:*:*:*:*:*",
              "matchCriteriaId": "81AE594C-41ED-4FE8-839D-B604AE8DC901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.396:*:corporate:*:*:*:*:*",
              "matchCriteriaId": "4AB33BC0-813C-4944-9835-A1F62614CC97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.400:*:corporate:*:*:*:*:*",
              "matchCriteriaId": "423C4F6C-4D87-4604-9122-02E2F06FAFB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.401:*:corporate:*:*:*:*:*",
              "matchCriteriaId": "60BBE26A-E648-440F-9F08-AA7DD62D6C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:reporting_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "953B6B3E-C3B9-40E6-95E6-911FFEA9A184",
              "versionEndIncluding": "1.0.197.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export."
    },
    {
      "lang": "es",
      "value": "Symantec Reporting Server 1.0.197.0, y otras versiones anteriores a 1.0.224.0, como se usan en Symantec Client Security 3.1 y posteriores, y Symantec AntiVirus Corporate Edition (SAV CE) 10.1 y posteriores, no inicializa una variable cr\u00edtica, lo cual permite a los atacantes crear archivos ejecutables de su elecci\u00f3n mediante manipulaciones desconocidas de un archivo que se crea durante la exportaci\u00f3n de datos."
    }
  ],
  "id": "CVE-2007-3021",
  "lastModified": "2024-11-21T00:32:12.873",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-06-05T21:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/36109"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25543"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24313"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018196"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2074"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/36109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25543"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34744"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-3021

Vulnerability from cvelistv5

ghsa-j45j-wm3x-xr92

Vulnerability from github

var-200706-0270

Vulnerability from variot

gsd-2007-3021

Vulnerability from gsd

fkie_cve-2007-3021

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature