Vulnerabilities > CVE-2006-3072 - Authentication Bypass vulnerability in Symantec Security Information Manager
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
M4 Macro Library in Symantec Security Information Manager before 4.0.2.29 HOTFIX 1 allows local users to execute arbitrary commands via crafted "rule definitions", which produces dangerous Java code during M4 transformation.
Vulnerable Configurations
References
- http://secunia.com/advisories/20647
- http://securityresponse.symantec.com/avcenter/security/Content/2006.06.13b.html
- http://securitytracker.com/id?1016296
- http://www.securityfocus.com/bid/18420
- http://www.vupen.com/english/advisories/2006/2334
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27105