CVE-2020-5832
CVE-2020-5832 is a high-severity vulnerability in Symantec Data Center Security with a CVSS 3.x base score of 7.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 3.x base score 7.8)
- CVSS v2: 4.6
- EPSS exploit prediction: 0% (30th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Symantec Data Center Security
- Published:
- Last modified:
Description
Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
Frequently asked questions
- What is CVE-2020-5832?
- Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
- How severe is CVE-2020-5832?
- CVE-2020-5832 has a CVSS 3.x base score of 7.8, rated high severity. It is exploitable over local access with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2020-5832 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (30th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2020-5832?
- CVE-2020-5832 affects Symantec Data Center Security. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2020-5832?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2020-5832 published?
- CVE-2020-5832 was published on 2020-04-06 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:symantec:data_center_security:*:*:*:*:*:*:*:*
More vulnerabilities in Symantec Data Center Security
- CVE-2014-3440 — Critical (CVSS 9.0): The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and…
- CVE-2014-9226 — High (CVSS 7.2): The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center…
- CVE-2014-7289 — Medium (CVSS 6.5): SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and…
- CVE-2014-9225 — Medium (CVSS 4.0): The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and…
- CVE-2014-9224 — Low (CVSS 3.5): Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management…