Vulnerabilities > CVE-2019-9697 - Unspecified vulnerability in Symantec Management Center 2.0/2.1/2.2

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

symantec

NVD

Published: 2019-08-30

Updated: 2021-07-21

Summary

An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access.

Vulnerable Configurations

Part	Description	Count
Application	Symantec Symantec Management Center 2.2 Symantec Management Center 2.1 Symantec Management Center 2.0	3

References

https://support.symantec.com/us/en/article.SYMSA1480.html