CVE-2020-5831: 
Symantec Endpoint Management vulnerability analysis and mitigation

Symantec Endpoint Protection Manager (SEPM), prior to version 14.2 RU2 MP1, was found to contain an out of bounds vulnerability. This security issue was discovered in early 2020 and allows an application to read memory outside of the bounds that had been allocated to the program (Broadcom Support).

The vulnerability is classified as an out of bounds memory read issue. It received a CVSS v3 Base Score of 3.3 (Low) with the following vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction, while potentially impacting confidentiality (Broadcom Support).

The vulnerability could allow an attacker to read memory outside of the bounds of the memory that had been allocated to the program. The impact is primarily limited to information disclosure, with no direct impact on integrity or availability of the system (NVD).

The vulnerability was addressed in Symantec Endpoint Protection Manager version 14.2 RU2 MP1. Users are advised to upgrade to this version or later to remediate the issue. Additionally, a refresh of version 14.2 RU2 (14.2.5334.2000) was released on February 10, 2020, which is available upon request from Symantec Technical Support (Broadcom Support).