CVE-2017-15527
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs.
En versiones anteriores a ITMS 8.1 RU4, Symantec Management Console puede ser susceptible a un exploit de salto de directorio, que es un tipo de ataque que puede ocurrir cuando hay una validaciĆ³n de seguridad o inmunizaciĆ³n insuficiente de entradas de nombres de archivo proporcionadas por el usuario, de manera que los caracteres que representan "salto al directorio primario" se pasan a las API de archivos.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-10-17 CVE Reserved
- 2017-11-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/101743 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Symantec Search vendor "Symantec" | Management Console Search vendor "Symantec" for product "Management Console" | < 8.1 Search vendor "Symantec" for product "Management Console" and version " < 8.1" | ru4 |
Affected
| ||||||