CVE-2017-15527

Name of the Vulnerable Software and Affected Versions Symantec Management Console versions prior to 8.1 RU4

Description The issue arises from insufficient security validation and sanitization of user-supplied input file names, allowing a directory traversal exploit. This type of attack occurs when characters representing "traverse to parent directory" are passed through to the file APIs.

Recommendations For versions prior to 8.1 RU4, update to version 8.1 RU4 or later to resolve the issue. As a temporary workaround, consider restricting access to the file APIs to minimize the risk of exploitation.