Vulnerabilities > Symantec > Security Analytics > 7.2.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-27 | CVE-2021-30642 | OS Command Injection vulnerability in Symantec Security Analytics 7.2.1/7.2.2/7.2.3 An input validation flaw in the Symantec Security Analytics web UI 7.2 prior 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges. | 10.0 |
2018-11-27 | CVE-2018-12241 | Cross-site Scripting vulnerability in Symantec Security Analytics The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. | 4.3 |