Quantcast
Channel: Exploit Collector
Viewing all articles
Browse latest Browse all 13315

Symantec Management Console CVE-2017-15527 Directory Traversal Vulnerability

$
0
0


Symantec Management Console is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files from the affected system in the context of the application. Information obtained could aid in further attacks.
Versions prior to Symantec Management Console ITMS 8.1 RU4 are vulnerable.

Information

Bugtraq ID: 101743
Class: Input Validation Error
CVE: CVE-2017-15527

Remote: Yes
Local: No
Published: Nov 20 2017 12:00AM
Updated: Nov 20 2017 05:08PM
Credit: Christoffer Wiman
Vulnerable: Symantec Management Console ITMS 8.1 RU3
Symantec Management Console ITMS 8.1 RU2
Symantec Management Console ITMS 8.1 RU1


Not Vulnerable: Symantec Management Console ITMS 8.1 RU4


Exploit


An attacker can exploit the issue through a browser.



    Viewing all articles
    Browse latest Browse all 13315

    Trending Articles