CVE-2019-9701

4.8MEDIUM

Key Information

Vendor: Symantec
Status: Data Loss Prevention
Vendor: CVE Published:; 19 June 2019

Summary

DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

Affected Version(s)

Data Loss Prevention = Prior to and including DLP 15.5 MP1

Refferences

https://support.symantec.com/us/en/article.SYMSA1484.html

x_refsource_MISC

http://packetstormsecurity.com/files/153512/Symantec-DLP-...

x_refsource_MISC

EPSS Score

95% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 19, 2019
Vulnerability Reserved
Mar 11, 2019

Collectors

NVD DatabaseMitre Database