Vulnerability Details CVE-2017-15527
Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.3%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 5.2
References
- http://www.securityfocus.com/bid/101743
- https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171120_00
- http://www.securityfocus.com/bid/101743
- https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171120_00
Products affected by CVE-2017-15527
-
cpe:2.3:a:symantec:management_console:*