- Description
- Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the Virtual Desktop module in Symantec On-Demand Protection (SODP) before 2.6 Build 2233, do not properly encrypt files that are subject to policy-based automatic encryption, which might allow local users to read sensitive data via an unspecified decryption method.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:on-demand_agent:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A7E6EA1-C9A9-4342-8E10-6D90F504C6BE",
"versionEndIncluding": "2.5_mr2_build_2156"
},
{
"criteria": "cpe:2.3:a:symantec:on-demand_protection:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BBAED8BE-C5B7-4E5A-AB4D-7E525D342E30",
"versionEndIncluding": "2.6_build_2232"
}
],
"operator": "OR"
}
]
}
]