CVE-2017-15527
Last modified
CVE-2017-15527 is a vulnerability of currently unknown severity. Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs.. EPSS estimates a 1.09% chance of exploitation in the next 30 days.
Description
Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Symantec | Management Console | < 8.1 | Ru4 |
References
- http://www.securityfocus.com/bid/101743Third Party Advisory, VDB Entry
- https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171120_00Issue Tracking, Mitigation, Vendor Advisory
- http://www.securityfocus.com/bid/101743Third Party Advisory, VDB Entry
- https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171120_00Issue Tracking, Mitigation, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-15527?
How severe is CVE-2017-15527?
How do I fix CVE-2017-15527?
Are you affected by CVE-2017-15527?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST