VIR Vulnerability Intelligence Relay

CVE-2017-11365

unknown
Published 2022-05-24 · Modified 2024-02-16
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2
VIR risk

Description

Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator.

Predictions

Exploit likelihood
30%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2017-11365

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed0
debian debianbullseyefixed0
debian debianforkyfixed0
debian debiansidfixed0
debian debiantrixiefixed0

Package impact
EcosystemPackageVulnerableFixed
php Packagistsymfony/security-core>=2.7.30,<2.7.322.7.32
php Packagistsymfony/security-core>=2.8.23,<2.8.252.8.25
php Packagistsymfony/security-core>=3.2.10,<3.2.123.2.12
php Packagistsymfony/security-core>=3.3.3,<3.3.53.3.5
php Packagistsymfony/security>=2.7.30,<2.7.322.7.32
php Packagistsymfony/security>=2.8.23,<2.8.252.8.25
php Packagistsymfony/security>=3.2.10,<3.2.123.2.12
php Packagistsymfony/security>=3.3.3,<3.3.53.3.5
php Packagistsymfony/symfony>=2.7.30,<2.7.322.7.32
php Packagistsymfony/symfony>=2.8.23,<2.8.252.8.25
php Packagistsymfony/symfony>=3.2.10,<3.2.123.2.12
php Packagistsymfony/symfony>=3.3.3,<3.3.53.3.5

References

Verify integrity in audit chain (admin only). AS-IS.