Vulnerabilities > CVE-2019-12753 - Unspecified vulnerability in Symantec Reporter 10.3/10.3.1.1/10.3.2.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Nessus
| NASL family | CGI abuses |
| NASL id | SYMANTEC_REPORTER_SYMSA1489.NASL |
| description | According to its self-reported version number, the Symantec (formerly Blue Coat) Reporter installation running on the remote host is 10.3 prior to 10.3.2.5. It is, therefore, affected by an information disclosure vulnerability. An authenticated attacker with Reporter UI access can obtain passwords for external servers that they might not be authorized to access. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 128417 |
| published | 2019-08-30 |
| reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/128417 |
| title | Symantec (Blue Coat) Reporter UI Information Disclosure Vulnerability (SYMSA1489) |