PT-2018-8341 · Symantec · Symantec Management Console
Published
2018-04-16
·
Updated
2018-05-23
·
CVE-2017-6323
CVSS v3.1
8.0
High
| Vector | AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Symantec Management Console versions prior to 8.1 RU1
Symantec Management Console versions prior to 8.0 POST HF6
Symantec Management Console versions prior to 7.6 POST HF7
Description
The issue is related to the processing of XML input containing a reference to an external entity by a weakly configured XML parser. This can lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
Recommendations
For versions prior to 8.1 RU1, update to 8.1 RU1 or later.
For versions prior to 8.0 POST HF6, update to 8.0 POST HF6 or later.
For versions prior to 7.6 POST HF7, update to 7.6 POST HF7 or later.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Symantec Management Console