SEPM is not affected by CVE-2016-1000027

Article ID: 277330

Products

Endpoint Security

Issue/Introduction

SEPM uses <install drive>:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\instances\sepm-api\webapps\sepm.war/WEB-INF/lib/spring-core-5.x.x.jar, and some vulnerability scanners generate CVE alerts for this file.

Environment

Any SEPM with version higher than 14.x

Resolution

According to the NVD, this CVE relates to Java deserialization of untrusted data: https://nvd.nist.gov/vuln/detail/cve-2016-1000027

SEPM is not affected by CVE-2016-1000027 because it does not load or deserialize untrusted data. No further action is required to address this CVE.