
QID:372245 Logic Question

Question asked by Christopher McKay on Dec 5, 2019
Latest reply on Dec 5, 2019 by DMFezzaReed

Hey folks,

 

Could someone help me understand QID:372245, which relates to CVE-2019-9701 and vendor reference SYMSA1484?

The logic seems to be written in a way that it's triggering on versions of the endpoint software:

Affected Versions:
Symantec Data Loss Prevention 14.x
Symantec Data Loss Prevention 15.1

QID Detection Logic: (Authenticated)
This QID Checks for the Vulnerable version of Symantec Data Loss Prevention on system.

 

Symantec themselves say “DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users.” - DLP Cross Site Scripting 

 

But they also say "The hot fix addresses a persistent cross-site scripting (XSS) issue that could potentially affect the Enforce Server administration console. XSS exploits can enable attackers to inject client-side scripts into web pages viewed by users. Symantec is not aware of any exploitations or adverse customer impact from this issue." - https://support.symantec.com/us/en/article.ALERT2664.html 

 

I've gotten some questions from colleagues about the number of impacted assets I reported in our environment, due to the endpoint agent being included in the numbers I sent. I just want to check that the QID is working as intended.

TLDR: Is it correct that QID:372245 is catching Symantec DLP endpoint agents on an XSS vulnerability?

 

Apologies if I'm missing something obvious.

Thanks for taking the time,

Christopher

 
