CVE-2019-18376

5.9MEDIUM

Key Information

Vendor: Symantec
Status: Symantec Management Center (mc)
Vendor: CVE Published:; 10 April 2020

Summary

A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC.

Affected Version(s)

Symantec Management Center (MC) = MC prior to 2.4.1.1

Refferences

https://support.broadcom.com/security-advisory/security-a...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 10, 2020
Vulnerability Reserved
Oct 23, 2019

Collectors

NVD DatabaseMitre Database