Symantec Encryption Management Server CVE-2018-5243 Denial of Service Vulnerability

Bugtraq ID:	105062
Class:	Input Validation Error
CVE:	CVE-2018-5243
Remote:	Yes
Local:	No
Published:	Aug 20 2018 12:00AM
Updated:	Aug 20 2018 12:00AM
Credit:	Wolfgang Elsen [email protected] & Christian Hailer [email protected]
Vulnerable:	Symantec Encryption Management Server 3.4.2 Symantec Encryption Management Server 3.3.2 MP12 Symantec Encryption Management Server 3.3.2 MP7 Symantec Encryption Management Server 3.3.2 MP6 Symantec Encryption Management Server 3.3.2 Symantec Encryption Management Server 3.3.0 MP2 Symantec Encryption Management Server 3.3.0 MP1 Symantec Encryption Management Server 3.3.0
Not Vulnerable:	Symantec Encryption Management Server 3.4.2 MP1

Symantec Encryption Management Server CVE-2018-5243 Denial of Service Vulnerability

Symantec Encryption Management Server is prone to a denial of service vulnerability.

An attacker can exploit this issue to cause denial-of-service conditions.

Versions prior to Encryption Management Server 3.4.2 MP1 are vulnerable.

Symantec Encryption Management Server CVE-2018-5243 Denial of Service Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Symantec Encryption Management Server CVE-2018-5243 Denial of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Symantec Encryption Management Server CVE-2018-5243 Denial of Service Vulnerability

References:

• Symantec Homepage (Symantec)
  
• SYMSA1458: Symantec Encryption Management Server - Denial of Service (Symantec)