CVE-2017-15526

Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario.

Published: Nov 13, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-15526
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.8
AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 5.2
AV:A/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
symantec / endpoint_encryption	-	11.1.3.x

http://www.securityfocus.com/bid/101698
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171113_00

Vulnerability Database

290,206

CVE-2017-15526