Could someone help me understand QID:372245 which relates to CVE-2019-9701 and vendor Reference SYMSA1484.
The logic seems to be written in a way that it's triggering on versions of the endpoint software:
Symantec Data Loss Prevention 14.x
Symantec Data Loss Prevention 15.1
QID Detection Logic: (Authenticated)
This QID Checks for the Vulnerable version of Symantec Data Loss Prevention on system.
Symantec themselves say “DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users.” - DLP Cross Site Scripting
But they also say "The hot fix addresses a persistent cross-site scripting (XSS) issue that could potentially affect the Enforce Server administration console. XSS exploits can enable attackers to inject client-side scripts into web pages viewed by users. Symantec is not aware of any exploitations or adverse customer impact from this issue." - https://support.symantec.com/us/en/article.ALERT2664.html
I've gotten some questions from colleagues about the number of impacted assets I reported in our environment, due to the endpoint agent being included in the numbers I sent - Just want to check that the QID is working as intended.
TLDR: Is it correct that QID:372245 is catching Symantec DLP endpoint agents on an XSS vulnerability?
Apologies if i'm missing something obvious.
Thanks for taking the time,