Sensitive Information Exposure in Symantec Encryption Management Server
CVE-2015-8148

7.5HIGH

Key Information:

Vendor

Symantec
Status
Encryption Management Server
Vendor
CVE Published:
18 February 2016

What is CVE-2015-8148?

The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 prior to MP12 is vulnerable to a remote information disclosure flaw. This vulnerability allows attackers to craft specially modified requests that can reveal sensitive information about administrator accounts, potentially compromising the security posture of the affected systems. Organizations using SEMS should assess their exposure and ensure that appropriate patches are applied to mitigate this risk.

References

http://www.securitytracker.com/id/1035063
vdb-entryx_refsource_SECTRACK
http://www.symantec.com/security_response/securityupdates...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/83271
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.