CVE-2016-6586

3.7LOW

Key Information

Vendor: Symantec
Status: Norton Mobile Security For Android
Vendor: CVE Published:; 8 January 2020

Summary

A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary URLs to the URL whitelist.

Affected Version(s)

Norton Mobile Security for Android = before 3.16

Refferences

http://www.securitytracker.com/id/1037225

x_refsource_MISC

http://www.securityfocus.com/bid/93901

x_refsource_MISC

https://support.symantec.com/us/en/article.symsa1384.html

x_refsource_CONFIRM

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 8, 2020
Vulnerability Reserved
Aug 3, 2016

Collectors

NVD DatabaseMitre Database