
reporter

Vendor: mamboxchange

Actively Exploited (CISA KEV List): 0
PoC / Exploits (Code Available): 4
Total RCEs (Remote Access): 1
Total CVEs (Total Indexed): 1
Avg. EPSS (Exploit Prob.): 3.22%
Latest CVE: CVE-2019-12753 (Aug 30)

Security Vulnerability Index

4.9 CVSS

An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not otherwise be authorized to access. The malicious administrator user can also obtain the passwords of other Reporter web UI users.

EPSS: 0.33%
7.2 CVSS

The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.

EPSS: 2.44%
9.8 CVSS

Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.

EPSS: 2.81%
10.0 CVSS
CVE-2011-5127
Exploit Found

Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request.

EPSS: 15.05%
4.3 CVSS

The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace Event Messages) that triggers an out-of-bounds memory access, related to an erroneous object reference.

EPSS: 0.98%
7.5 CVSS
CVE-2006-4241
Exploit Found

PHP remote file inclusion vulnerability in processor/reporter.sql.php in the Reporter Mambo component (com_reporter) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

EPSS: 2.16%
4.3 CVSS

Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Reporter before 7.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the username in an Add User window or (2) the license key (volatile.license_to_add parameter) in the Licensing page.

EPSS: 0.53%
4.6 CVSS
CVE-2005-1708
Exploit Found

templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true.

EPSS: 0.91%
7.5 CVSS
CVE-2005-1709
Exploit Found

Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote unauthenticated attackers to add a license.

EPSS: 3.77%