CVE-2019-9697

Name: CVE-2019-9697
Creator: NVD / NIST
Published: 2019-08-30T09:15:21.99+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.99%

Last modified Jun 17, 2026

CVE-2019-9697 is a vulnerability of currently unknown severity. An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access.. EPSS estimates a 0.99% chance of exploitation in the next 30 days.

Description

An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access.

Metrics

EPSS Probability

0.99%

58.0th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Symantec	Management Center	>= 2.2, < 2.2.2.1
Symantec	Management Center	2.0
Symantec	Management Center	2.1

References

https://support.symantec.com/us/en/article.SYMSA1480.htmlVendor Advisory
https://support.symantec.com/us/en/article.SYMSA1480.htmlVendor Advisory

Timeline

Published: Aug 30, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-9697?

How severe is CVE-2019-9697?

Severity scoring for CVE-2019-9697 is pending analysis. The EPSS model estimates a 0.99% probability of exploitation in the next 30 days.

How do I fix CVE-2019-9697?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-9697?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST