CVE-2012-3582
low
CVSS v3: —
CVSS v2: 2.9
VIR risk: 2.9
Description
Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly manage sessions that include key search requests, which might allow remote attackers to read a private key in opportunistic circumstances by making a request near the end of a user's session.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120830_00
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| symantec | pgp_universal_server | 3.2.0 | |
| symantec | pgp_universal_server | 3.2.1 | |
References
- http://www.securityfocus.com/bid/55246
- http://www.securitytracker.com/id?1027467
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120830_00
CWEs
CWE-264