CVE-2018-12244 (GCVE-0-2018-12244)
Vulnerability from cvelistv5
Published
2019-04-25 18:49
Modified
2024-08-05 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CSV/DDE Injection
Summary
SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.
References
| ► | URL | Tags | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Symantec Endpoint Protection (Mac Client) |
Version: Prior to and including 12.1 RU6 MP9 Version: Prior to 14.2 RU1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107999",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/107999"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Endpoint Protection (Mac Client)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to and including 12.1 RU6 MP9"
},
{
"status": "affected",
"version": "Prior to 14.2 RU1"
}
]
}
],
"datePublic": "2019-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSV/DDE Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-25T18:49:02",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107999",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "https://www.securityfocus.com/bid/107999"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2018-12244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Endpoint Protection (Mac Client)",
"version": {
"version_data": [
{
"version_value": "Prior to and including 12.1 RU6 MP9"
},
{
"version_value": "Prior to 14.2 RU1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSV/DDE Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1479.html",
"refsource": "MISC",
"url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
},
{
"name": "107999",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/107999"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-12244",
"datePublished": "2019-04-25T18:49:02",
"dateReserved": "2018-06-12T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-12244\",\"sourceIdentifier\":\"secure@symantec.com\",\"published\":\"2019-04-25T19:29:00.283\",\"lastModified\":\"2024-11-21T03:44:51.010\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.\"},{\"lang\":\"es\",\"value\":\"SEP (cliente Mac) versiones anteriores a la 12.1 incluida, RU6 MP9 en versiones anteriores a 14.2 RU1 puede ser susceptible a una vulnerabilidad de inyecci\u00f3n CSV/DDE (tambi\u00e9n conocida como formula injection), es un tipo de problema por el cual una aplicaci\u00f3n o sitio web permite la entrada de datos no confiables en los archivos CSV.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1236\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"A8A8E8C7-7764-4500-B43C-909B98CBA969\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:mr1:*:*:*:macos:*:*\",\"matchCriteriaId\":\"709E0F00-6004-4230-AA2E-AEB92CF47510\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:mr2:*:*:*:macos:*:*\",\"matchCriteriaId\":\"E903F167-3A44-4EB0-BCAF-C863F8A41DD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:mr3:*:*:*:macos:*:*\",\"matchCriteriaId\":\"BA478022-5812-4A42-90B9-3B71EE228EE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:mr4:*:*:*:macos:*:*\",\"matchCriteriaId\":\"A296C87D-A8A1-4062-959A-5C9B599EA33C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:mr4-mp2:*:*:*:macos:*:*\",\"matchCriteriaId\":\"55B28F0F-FE43-49EB-AC85-6D2D0D44BA74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru5:*:*:*:macos:*:*\",\"matchCriteriaId\":\"CEEA6E9A-749A-4522-A863-922161294F28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru6:*:*:*:macos:*:*\",\"matchCriteriaId\":\"F2D88CB1-F85B-4748-8841-7BF640629393\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru6-mp1:*:*:*:macos:*:*\",\"matchCriteriaId\":\"F51FBC9D-DC97-4D7C-86E5-94754618BB77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru6-mp2:*:*:*:macos:*:*\",\"matchCriteriaId\":\"FE14BAFD-6FF1-4331-A3B2-B4C950CA06FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru6-mp3:*:*:*:macos:*:*\",\"matchCriteriaId\":\"85CB007A-ACCE-4686-8E90-31E3B082ACD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru6a:*:*:*:macos:*:*\",\"matchCriteriaId\":\"013A829A-8152-4894-B973-444E13CDE29B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru7:*:*:*:macos:*:*\",\"matchCriteriaId\":\"AF5594FB-DA31-4A7B-8B90-C697182AF076\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp1:*:*:*:macos:*:*\",\"matchCriteriaId\":\"F7195A0A-0F18-4656-88F1-0E1D91D2B61C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp2:*:*:*:macos:*:*\",\"matchCriteriaId\":\"A8DFC842-93FF-4127-A51C-681B375AE68F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp4:*:*:*:macos:*:*\",\"matchCriteriaId\":\"C7315DB1-E602-428E-ABB2-348592B6AE7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ru7-mp4a:*:*:*:macos:*:*\",\"matchCriteriaId\":\"6F6A4FCD-11EA-4B0B-9365-B0EE33DC2830\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:ry7-mp3:*:*:*:macos:*:*\",\"matchCriteriaId\":\"B60284AB-99C9-4C01-A922-C2390E3EEA47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"424BF82D-C5C6-443C-BA09-FFFB9C2AD6DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru1:*:*:*:macos:*:*\",\"matchCriteriaId\":\"34EBB08C-E229-4912-A3EA-902741FB06CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru1-mp1:*:*:*:macos:*:*\",\"matchCriteriaId\":\"DE256B6B-4659-4C5F-AB6D-E40EC1655965\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru2:*:*:*:macos:*:*\",\"matchCriteriaId\":\"6514C8BD-21B8-492D-8355-DC80A2B654BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru2-mp1:*:*:*:macos:*:*\",\"matchCriteriaId\":\"24D20516-7157-41DA-B9BE-A6F63E9A9747\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru3:*:*:*:macos:*:*\",\"matchCriteriaId\":\"A4973190-0937-4755-BC62-51ECD0F1F504\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru4:*:*:*:macos:*:*\",\"matchCriteriaId\":\"CA51772D-6124-4912-8809-233FD099F18E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1:*:*:*:macos:*:*\",\"matchCriteriaId\":\"A756CC75-DBE3-4684-86C6-C7C0FE125CC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1a:*:*:*:macos:*:*\",\"matchCriteriaId\":\"03CBF80C-E1A3-45AC-8533-032F457DFB32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru4-mp1b:*:*:*:macos:*:*\",\"matchCriteriaId\":\"8258DAC4-06D6-400E-B495-D5CD8D7F7DC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru4a:*:*:*:macos:*:*\",\"matchCriteriaId\":\"85CA5B27-7C43-428D-ADD6-C328ECBCCFA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru5:*:*:*:macos:*:*\",\"matchCriteriaId\":\"198182A8-8C17-4857-9F86-716A55534D5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6:*:*:*:macos:*:*\",\"matchCriteriaId\":\"EF909ABB-DD72-4C5B-A6E5-907AFA0AF6B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp1:*:*:*:mac_os_x:*:*\",\"matchCriteriaId\":\"8324432F-0C0E-430E-8968-939ABC77509C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp10:*:*:*:macos:*:*\",\"matchCriteriaId\":\"D69E0630-5996-443B-B3ED-11989B9F0786\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp2:*:*:*:macos:*:*\",\"matchCriteriaId\":\"669932CB-FB88-464D-9C4C-87A2110A4858\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp3:*:*:*:mac_os_x:*:*\",\"matchCriteriaId\":\"E15367F1-2862-41C7-949F-2E73F20DD4ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp4:*:*:*:macos:*:*\",\"matchCriteriaId\":\"CB162A18-8B37-4889-A323-0D193BF32054\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp5:*:*:*:mac_os_x:*:*\",\"matchCriteriaId\":\"6C946083-49DC-427F-A521-04BD35A145E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp6:*:*:*:macos:*:*\",\"matchCriteriaId\":\"7D6E6D44-7525-4F24-AEC8-C68236FED9DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp7:*:*:*:macos:*:*\",\"matchCriteriaId\":\"6E6C6EEA-EB45-400D-8C06-36F4B6148784\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1:ru6-mp8:*:*:*:macos:*:*\",\"matchCriteriaId\":\"AC3590F2-D283-432A-931B-246A6749434C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:14:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"F1CB8890-4908-406C-8361-017BD5775A8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:14:mp1:*:*:*:macos:*:*\",\"matchCriteriaId\":\"57A39944-B16B-439B-BEA5-8581C7F174A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:14.0.0:mp2:*:*:*:macos:*:*\",\"matchCriteriaId\":\"53450424-1777-48DA-AD09-C87C68E137B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:14.0.1:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"B4281F2E-A9BB-4361-A548-BB7B2A57DAD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:14.0.1:mp1:*:*:*:macos:*:*\",\"matchCriteriaId\":\"3BBE781F-7095-4FA6-AC9C-3F6566AC3CEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:14.0.1:mp2:*:*:*:macos:*:*\",\"matchCriteriaId\":\"525C399E-827F-4A35-A894-51992E467665\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:14.2:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"FB0E93FC-B698-42B0-BF06-A3E42CE695D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:14.2:mp1:*:*:*:macos:*:*\",\"matchCriteriaId\":\"8C705203-5A9B-434F-AC78-82D50292686E\"}]}]}],\"references\":[{\"url\":\"https://support.symantec.com/en_US/article.SYMSA1479.html\",\"source\":\"secure@symantec.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.securityfocus.com/bid/107999\",\"source\":\"secure@symantec.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.symantec.com/en_US/article.SYMSA1479.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.securityfocus.com/bid/107999\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…