When creating a candidate for this issue, you must check the box that says “This vulnerability applies to Base.** [Company]’s products.” CVE-2018-13807: Insecure handling of guestbook data in CPanel/WHM When creating a candidate for this issue, you must include a description of the affected software and a link to the official bug report(s) for the software.
The following FAQs are also available:
What is a vulnerability?
A vulnerability is an error or bug in your software. If a vulnerability allows you to gain access to your website, you are potentially exposing it to a security risk.
What is a bug?
A bug is any error or flaw in the software’s design or implementation that allows unauthorized access. A security bug can allow attackers to gain access to your site or data.
Which CVE ID should I use?
You will need the CVE ID when submitting the report to Symantec's Security Response Center (SSRC). This will help us identify and provide timely assistance with the issues reported.
Checklist: Is your organization prepared for quarterly vulnerability disclosure?
Have you updated your policy on how to handle security issues and vulnerabilities?
Do you have an issue management plan, with escalation process, for all software vulnerabilities?
Are you prepared for the release of new products or services that may introduce new vulnerabilities?
Has your product team been involved in planning out software releases that will mitigate potential security issues?
Is your development team aware of the importance of keeping up-to-date on security issues and have they taken proactive steps to keep them up to date?
Vulnerability: Insecure handling of guestbook data in CPanel/WHM
The CPanel and WHM software versions on the affected server may have a vulnerability that can allow an attacker to gain access to guestbook data.