Vulnerability Description
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Client Security | 3.1 |
| Symantec | Norton Antivirus | 10.0.2.2021 |
| Symantec | Reporting Server | <= 1.0.197.0 |
References
- http://osvdb.org/36108
- http://secunia.com/advisories/25543
- http://www.securityfocus.com/bid/24312
- http://www.securitytracker.com/id?1018196
- http://www.symantec.com/avcenter/security/Content/2007.06.05.htmlPatch
- http://www.vupen.com/english/advisories/2007/2074
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34740
- http://osvdb.org/36108
- http://secunia.com/advisories/25543
- http://www.securityfocus.com/bid/24312
- http://www.securitytracker.com/id?1018196
- http://www.symantec.com/avcenter/security/Content/2007.06.05.htmlPatch
- http://www.vupen.com/english/advisories/2007/2074
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34740
FAQ
What is CVE-2007-3022?
CVE-2007-3022 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays ...
How severe is CVE-2007-3022?
CVE-2007-3022 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3022?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Client Security, Symantec Norton Antivirus, Symantec Reporting Server.