CVE-2017-15527

medium

Published 2017-11-20 · Modified 2026-05-13

CVSS v3

6.8

CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2

5.2

VIR risk

6.8

Description

Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs.

Predictions

Exploit likelihood

67%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secure@symantec.com — https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171120_00

Application impact

Vendor	Product	Versions	Fixed
symantec	management_console	`{"endExcluding":"8.1"}`	`8.1`

References

http://www.securityfocus.com/bid/101743
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171120_00
http://www.securityfocus.com/bid/101743
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171120_00

CWEs

CWE-22

Verify integrity in audit chain (admin only). AS-IS.