Symantec has released an update to address an issue that was discovered in the Symantec Endpoint Detection and Response (SEDR) product.
Symantec Endpoint Detection and Response (SEDR)
CVE
|
Affected Version(s)
|
Remediation
CVE-2019-19547
|
Prior to 4.3.0
|
Upgrade to 4.3.0
CVE-2019-19547
Severity/CVSSv3:
|
Medium / 4.7 AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
References:
Impact:
|
Security Focus: BID 111367 / NVD: CVE-2019-19547
XSS
Description:
|
Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.
A Symantec Endpoint Detection and Response (SEDR) update, version 4.3.0 has been made available that addresses the listed issue. Note that the latest Symantec Endpoint Detection and Response releases and patches are available to customers through normal support channels.
Symantec has also created additional detections and protections which are in place and is continuing to monitor any attempts of this exploit against our products. At this time, there is no evidence of any attempts at this exploit in the wild.
Symantec recommends the following measures to reduce risk of attack:
1/14/2020 - Minor edit to acknowledgements