Local Application Blacklist Bypass in Symantec Altiris IT Management Suite
CVE-2016-2202

5.5MEDIUM

Key Information:

Vendor: Symantec
Status: Altiris It Management Suite
Vendor: CVE Published:; 20 April 2016

What is CVE-2016-2202?

The Inventory Solution component in Symantec Altiris IT Management Suite allows local users to bypass intended application-blacklist restrictions. This vulnerability can be exploited through unspecified vectors, potentially enabling unauthorized access to restricted applications or services within the management suite, posing a risk to the overall integrity and security of the IT environment. Users are advised to update to the latest version to safeguard against this vulnerability.

References

https://www.symantec.com/security_response/securityupdate...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/85778

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 20, 2016
Vulnerability Reserved
Feb 2, 2016