Symantec Encryption Management Server Remote Administrator Enumeration

high Nessus Plugin ID 89871

Synopsis

The remote host is affected by an information disclosure vulnerability.

Description

The Symantec Encryption Management Server running on the remote host is affected by an information disclosure vulnerability when handling LDAP requests. An unauthenticated, remote attacker can exploit this, via a crafted request, to obtain sensitive information about administrator accounts.

Solution

Upgrade to Symantec Encryption Management Server version 3.3.2 MP12.

See Also

http://www.nessus.org/u?24f58288

Plugin Details

Severity: High

ID: 89871

File Name: symantec_encryption_server_CVE-2015-8148.nasl

Version: 1.11

Type: remote

Family: Misc.

Published: 3/11/2016

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2015-8148

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:symantec:encryption_management_server

Required KB Items: LDAP/symantec_encryption_server/detected

Exploit Ease: No known exploits are available

Patch Publication Date: 2/18/2016

Vulnerability Publication Date: 2/18/2016

Reference Information

CVE: CVE-2015-8148

BID: 83271