CVE-2019-9697

An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
symantecCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
symantecmanagement_center
2.2 ≤
𝑥
< 2.2.2.1
symantecmanagement_center
2.0
symantecmanagement_center
2.1
𝑥
= Vulnerable software versions
References
https://support.symantec.com/us/en/article.SYMSA1480.html
https://support.symantec.com/us/en/article.SYMSA1480.html