CVE-2012-0303

{"id": "CVE-2012-0303", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-07-05T17:55:01.137", "references": [{"url": "http://www.securityfocus.com/bid/54133", "source": "cve@mitre.org"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Brightmail Control Center in Symantec Message Filter 6.3 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) execute application commands or (2) create admin accounts."}, {"lang": "es", "value": "Varias vulnerabilidades de falsificaci\u00f3n de peticiones en sitios cruzados(CSRF) en Brightmail Control Center de Symantec Message Filter v6.3 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios para solicitudes que (1) ejecutan comandos de la aplicaci\u00f3n o (2) crean cuentas de administrador."}], "lastModified": "2012-07-06T14:14:45.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:message_filter:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FC5499F-B394-44C8-BFBA-798225AB60EC", "versionEndIncluding": "6.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}