Vulnerability Description
The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the management console with the privileges of an authenticated administrator user.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Content Analysis | 1.3 |
| Symantec | Mail Threat Defense | 1.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104182
- https://www.symantec.com/security-center/network-protection-security-advisories/Vendor Advisory
- http://www.securityfocus.com/bid/104182
- https://www.symantec.com/security-center/network-protection-security-advisories/Vendor Advisory
FAQ
What is CVE-2016-9092?
CVE-2016-9092 is a vulnerability with a CVSS score of 8.8 (HIGH). The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attac...
How severe is CVE-2016-9092?
CVE-2016-9092 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-9092?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Content Analysis, Symantec Mail Threat Defense.