Cross-Site Request Forgery Vulnerability in Symantec LiveUpdate Administrator
CVE-2011-0545
Currently unrated
Summary
A Cross-Site Request Forgery (CSRF) vulnerability exists in the adduser.do component of Symantec LiveUpdate Administrator versions prior to 2.3. Remote attackers could hijack administrative sessions by sending malicious requests that exploit the userRole parameter, potentially creating unauthorized administrative accounts. Exploitation could have further undetermined impact on the integrity of the administrator's privileges and on system security.
EPSS Score
5% chance of being exploited in the next 30 days.