CVE-2019-9701 (GCVE-0-2019-9701)

Vulnerability from cvelistv5 – Published: 2019-06-19 15:55 – Updated: 2024-08-04 21:54
VLAI?
Summary
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
Severity ?
No CVSS data available.
CWE
  • Cross-site Scripting
Assigner
References
Impacted products
Vendor Product Version
n/a Data Loss Prevention Affected: Prior to and including DLP 15.5 MP1
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:54:45.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.symantec.com/us/en/article.SYMSA1484.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153512/Symantec-DLP-15.5-MP1-Cross-Site-Scripting.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Data Loss Prevention",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to and including DLP 15.5 MP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-03T19:06:06",
        "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "shortName": "symantec"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.symantec.com/us/en/article.SYMSA1484.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153512/Symantec-DLP-15.5-MP1-Cross-Site-Scripting.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@symantec.com",
          "ID": "CVE-2019-9701",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Data Loss Prevention",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to and including DLP 15.5 MP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.symantec.com/us/en/article.SYMSA1484.html",
              "refsource": "MISC",
              "url": "https://support.symantec.com/us/en/article.SYMSA1484.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/153512/Symantec-DLP-15.5-MP1-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153512/Symantec-DLP-15.5-MP1-Cross-Site-Scripting.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
    "assignerShortName": "symantec",
    "cveId": "CVE-2019-9701",
    "datePublished": "2019-06-19T15:55:27",
    "dateReserved": "2019-03-11T00:00:00",
    "dateUpdated": "2024-08-04T21:54:45.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:data_loss_prevention:14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F842F400-93B3-4376-AFCC-C8C9C63896B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:data_loss_prevention:14.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3972E2E8-DA86-4892-883C-65462FB9A190\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:data_loss_prevention:14.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0193904A-0BAA-4660-9327-2F8276FA4D3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:data_loss_prevention:14.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D252B8D3-C41D-4D99-AB59-3D6F5E14D829\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:data_loss_prevention:14.5:mp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A2EAFF5-D676-43FF-97C9-8070D49EF4F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:data_loss_prevention:14.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1ECB2955-D76C-48C5-BD82-93CF0D3BDB53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:data_loss_prevention:14.6:mp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F17CD295-737A-4F45-B938-AE811C4ACDF1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:data_loss_prevention:14.6:mp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"90E32E87-B5FB-4921-A25C-43D20DF47359\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:data_loss_prevention:14.6:mp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"78A62EE3-6605-4D8F-9510-26835CA8C61A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:data_loss_prevention:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79B13E58-8A7D-485E-8EAE-FB253B0DC154\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:data_loss_prevention:15.0:mp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9209A5C-9CB4-4C24-83D3-466DF0BDDA9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:data_loss_prevention:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C87CECE-4CFE-4398-8017-AE2F838CA4B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:data_loss_prevention:15.1:mp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E20035F-CEFF-489D-92E2-2EA8B3CAA554\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:data_loss_prevention:15.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E19E68C-4B5E-4A1B-BEA6-516D9C84FB5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:data_loss_prevention:15.5:mp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3269E939-1943-44AF-9E60-DF79EB14E9C1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.\"}, {\"lang\": \"es\", \"value\": \"DLP versi\\u00f3n 15.5 MP1 y todas las versiones anteriores puede ser susceptible a una vulnerabilidad de tipo cross site scripting (XSS), que es un tipo de problema que puede permitir a los atacantes inyectar scripts del lado del cliente en p\\u00e1ginas web visitadas por otros usuarios. Los atacantes pueden usar una vulnerabilidad de tipo cross site scripting para omitir los controles de acceso, tales como la pol\\u00edtica del mismo origen.\"}]",
      "id": "CVE-2019-9701",
      "lastModified": "2024-11-21T04:52:08.157",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.7, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2019-06-19T16:15:11.313",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/153512/Symantec-DLP-15.5-MP1-Cross-Site-Scripting.html\", \"source\": \"secure@symantec.com\"}, {\"url\": \"https://support.symantec.com/us/en/article.SYMSA1484.html\", \"source\": \"secure@symantec.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/153512/Symantec-DLP-15.5-MP1-Cross-Site-Scripting.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.symantec.com/us/en/article.SYMSA1484.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@symantec.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-9701\",\"sourceIdentifier\":\"secure@symantec.com\",\"published\":\"2019-06-19T16:15:11.313\",\"lastModified\":\"2024-11-21T04:52:08.157\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.\"},{\"lang\":\"es\",\"value\":\"DLP versi\u00f3n 15.5 MP1 y todas las versiones anteriores puede ser susceptible a una vulnerabilidad de tipo cross site scripting (XSS), que es un tipo de problema que puede permitir a los atacantes inyectar scripts del lado del cliente en p\u00e1ginas web visitadas por otros usuarios. Los atacantes pueden usar una vulnerabilidad de tipo cross site scripting para omitir los controles de acceso, tales como la pol\u00edtica del mismo origen.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:data_loss_prevention:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F842F400-93B3-4376-AFCC-C8C9C63896B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:data_loss_prevention:14.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3972E2E8-DA86-4892-883C-65462FB9A190\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:data_loss_prevention:14.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0193904A-0BAA-4660-9327-2F8276FA4D3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:data_loss_prevention:14.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D252B8D3-C41D-4D99-AB59-3D6F5E14D829\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:data_loss_prevention:14.5:mp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A2EAFF5-D676-43FF-97C9-8070D49EF4F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:data_loss_prevention:14.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1ECB2955-D76C-48C5-BD82-93CF0D3BDB53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:data_loss_prevention:14.6:mp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F17CD295-737A-4F45-B938-AE811C4ACDF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:data_loss_prevention:14.6:mp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"90E32E87-B5FB-4921-A25C-43D20DF47359\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:data_loss_prevention:14.6:mp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"78A62EE3-6605-4D8F-9510-26835CA8C61A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:data_loss_prevention:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79B13E58-8A7D-485E-8EAE-FB253B0DC154\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:data_loss_prevention:15.0:mp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9209A5C-9CB4-4C24-83D3-466DF0BDDA9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:data_loss_prevention:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C87CECE-4CFE-4398-8017-AE2F838CA4B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:data_loss_prevention:15.1:mp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E20035F-CEFF-489D-92E2-2EA8B3CAA554\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:data_loss_prevention:15.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E19E68C-4B5E-4A1B-BEA6-516D9C84FB5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:data_loss_prevention:15.5:mp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3269E939-1943-44AF-9E60-DF79EB14E9C1\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/153512/Symantec-DLP-15.5-MP1-Cross-Site-Scripting.html\",\"source\":\"secure@symantec.com\"},{\"url\":\"https://support.symantec.com/us/en/article.SYMSA1484.html\",\"source\":\"secure@symantec.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/153512/Symantec-DLP-15.5-MP1-Cross-Site-Scripting.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.symantec.com/us/en/article.SYMSA1484.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.