Information Disclosure in Symantec Reporter Web UI by Symantec
CVE-2019-12753
4.9MEDIUM
What is CVE-2019-12753?
The vulnerability allows an authenticated administrator within the Symantec Reporter web UI to access sensitive credentials, including those for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers. This exposure could facilitate unauthorized access to resources that the administrator may not have given permission to access, as well as security breaches involving credentials from other users of the Reporter web UI. The affected versions include those prior to 10.3.2.5, presenting a significant risk to organizations reliant on Symantec's reporting tools.
Affected Version(s)
Symantec Reporter Reporter 10.3 prior to 10.3.2.5