Input Validation Flaw in Symantec Security Analytics Web UI
CVE-2021-30642

9.8CRITICAL

Key Information:

Vendor: Symantec
Status: Symantec Security Analytics
Vendor: CVE Published:; 27 April 2021

Summary

An input validation flaw exists in the web UI of Symantec Security Analytics versions 7.2 prior to 7.2.7, 8.1 before 8.1.3-NSR3, and 8.2 before 8.2.1-NSR2/8.2.2. This security issue enables an attacker to send specially crafted requests, allowing them to execute arbitrary operating system commands with elevated privileges on the affected system without needing authentication. This flaw poses significant security risks, as it could lead to unauthorized access and manipulation of sensitive data within the environment. It is essential for users to apply the relevant updates to secure their installations against potential exploits.

Affected Version(s)

Symantec Security Analytics Security Analytics 7.2 prior 7.2.7, 8.1 prior to 8.1.3-NSR3, 8.2 prior to 8.2.1-NSR2 or 8.2.2

References

https://support.broadcom.com/security-advisory/content/se...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 27, 2021
Vulnerability Reserved
Apr 13, 2021