A vulnerability scan has been run against a Symantec application, and one or more Common Vulnerabilities and Exposures (CVE) were reported by the scanner.
Symantec performs internal vulnerability scans of its products as part of the development and QA process, but recognizes the value of our customers doing independent validation of their organization's security posture.
To ensure that your organization is getting an accurate report please consider the following:
Even following these best practices, a vulnerability scan may return some CVEs or other vulnerabilities. For some products, Symantec patches vulnerabilities in libraries or protocols without updating the library or software version. This can result in false positives from vulnerability scanners which do an unsophisticated port and version number scan.
When contacting Symantec regarding the results of a vulnerability scan, please provide the full scan report, as well as details on the scanning software and version.