CVE-2021-30642
CRITICALSymantec Security Analytics 7.2-7.2.6 - Unauthenticated OS Command Injection
Title source: llmDescription
An input validation flaw in the Symantec Security Analytics web UI 7.2 prior 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA17969
Scores
CVSS v3
9.8
EPSS
0.0160
EPSS Percentile
81.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
symantec/security_analytics
7.2 - 7.2.7
Published
Apr 27, 2021
Tracked Since
Feb 18, 2026