CVE-2013-1615
low
CVSS v3
—
CVSS v2
2.9
VIR risk
2.9
Description
The management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote attackers to obtain sensitive information via unspecified web-GUI API calls.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secure@symantec.com — http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130701_00
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| symantec | security_information_manager | 4.7.0 | |
| symantec | security_information_manager | 4.7.1 | |
| symantec | security_information_manager | 4.7.2 | |
| symantec | security_information_manager | 4.7.3 | |
| symantec | security_information_manager | 4.7.4 | |
| symantec | security_information_manager | 4.8.0 | |
References
- http://www.securityfocus.com/bid/60798
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130701_00
- http://www.securityfocus.com/bid/60798
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130701_00
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.