Denial of Service Vulnerability in Symantec Encryption Management Server
CVE-2015-8149

7.5HIGH

Key Information:

Vendor

Symantec
Status
Encryption Management Server
Vendor
CVE Published:
18 February 2016

What is CVE-2015-8149?

The LDAP service in Symantec Encryption Management Server version 3.3.2 prior to MP12 is vulnerable to a denial of service. This vulnerability can be exploited remotely by attackers through specially crafted requests, leading to heap memory corruption and potential service outages. It is crucial for users and administrators of the affected product to review the security updates and implement mitigations to safeguard against such attacks.

References

http://www.securitytracker.com/id/1035063
vdb-entryx_refsource_SECTRACK
http://www.symantec.com/security_response/securityupdates...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/83270
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.