CVE-2019-9697

EUVD-2019-19063
An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
symantecmanagement_center
2.2 ≤
𝑥
< 2.2.2.1
symantecmanagement_center
2.0
symantecmanagement_center
2.1
𝑥
= Vulnerable software versions
References
https://support.symantec.com/us/en/article.SYMSA1480.html
https://support.symantec.com/us/en/article.SYMSA1480.html