CVE-2009-0064 - Multiple unspecified vulnerabilities in the Control Center in Symantec Brightmail Gateway Appliance

CVE-2009-0064

Summary

Multiple unspecified vulnerabilities in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allow remote authenticated users to gain privileges, and possibly obtain sensitive information or hijack sessions of arbitrary users, via vectors involving (1) administrative scripts or (2) console functions.

References

Vulnerable Configurations

cpe:2.3:h:symantec:brightmail_gateway_appliance:7.5:*:*:*:*:*:*:*
cpe:2.3:h:symantec:brightmail_gateway_appliance:7.5:*:*:*:*:*:*:*
cpe:2.3:h:symantec:brightmail_gateway_appliance:7.6:*:*:*:*:*:*:*
cpe:2.3:h:symantec:brightmail_gateway_appliance:7.6:*:*:*:*:*:*:*
cpe:2.3:h:symantec:brightmail_gateway_appliance:7.7:*:*:*:*:*:*:*
cpe:2.3:h:symantec:brightmail_gateway_appliance:7.7:*:*:*:*:*:*:*
cpe:2.3:h:symantec:brightmail_gateway_appliance:*:*:*:*:*:*:*:*
cpe:2.3:h:symantec:brightmail_gateway_appliance:*:*:*:*:*:*:*:*

CVSS

Base:	9.0 (as of 08-08-2017 - 01:33)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:S/C:C/I:C/A:C

refmap via4

bid	34639
confirm	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01
osvdb	53945
sectrack	1022117
secunia	34885
vupen	ADV-2009-1155
xf	brightmail-consolescripts-priv-escalation(50075)

Last major update

08-08-2017 - 01:33

Published

24-04-2009 - 15:30

Last modified

08-08-2017 - 01:33