Symantec Management Console CVE-2017-15527 Directory Traversal Vulnerability



Symantec Management Console is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files from the affected system in the context of the application. Information obtained could aid in further attacks.
Versions prior to Symantec Management Console ITMS 8.1 RU4 are vulnerable.

Information

Bugtraq ID: 101743
Class: Input Validation Error
CVE: CVE-2017-15527

Remote: Yes
Local: No
Published: Nov 20 2017 12:00AM
Updated: Nov 20 2017 05:08PM
Credit: Christoffer Wiman
Vulnerable: Symantec Management Console ITMS 8.1 RU3
Symantec Management Console ITMS 8.1 RU2
Symantec Management Console ITMS 8.1 RU1


Not Vulnerable: Symantec Management Console ITMS 8.1 RU4


Exploit


An attacker can exploit the issue through a browser.


Related Posts

Comments