What is CVE-2011-3478?

CVE-2011-3478 is a vulnerability in Symantec Pcanywhere, classified under Improper Authentication. Published 2012-01-25.

Is CVE-2011-3478 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Symantec Pcanywhere

CVE-2011-3478

The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attack…

Vulnerability class: Broken Authentication

EPSS: 0.570 (98.2th percentile) — read the EPSS interpretation.

Affected products

Symantec Pcanywhere — versions 12.5, 12.5.539, 12.6.65
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

78532 (x_refsource_OSVDB, vdb-entry)
38599 (exploit, x_refsource_EXPLOIT-DB)
51592 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM)
48092 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2011-3478?: CVE-2011-3478 is a vulnerability in Symantec Pcanywhere, classified under Improper Authentication. Published 2012-01-25.
Is CVE-2011-3478 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.