CVE-2020-5834: 
Symantec Endpoint Management vulnerability analysis and mitigation

Symantec Endpoint Protection Manager (SEPM), prior to version 14.3, contains a directory traversal vulnerability (CVE-2020-5834) that was disclosed on May 11, 2020. This security flaw affects the Symantec Endpoint Protection Manager component and could allow remote attackers to determine the size of files in the directory (Vendor Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.3 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability can be exploited remotely with low attack complexity, requires no privileges or user interaction, and can result in low confidentiality impact without affecting integrity or availability (NVD).

If exploited, this vulnerability allows remote attackers to determine the size of files in the directory through a directory traversal attack. This could potentially expose sensitive information about the file system structure and file sizes to unauthorized users (Vendor Advisory).

Broadcom has released version 14.3 of Symantec Endpoint Protection Manager to address this vulnerability. Users are advised to upgrade to this version to mitigate the risk. At the time of disclosure, there was no evidence of attempts to exploit this vulnerability in the wild (Vendor Advisory).

The vulnerability was discovered and reported by security researcher Z0mb1E (Vendor Advisory).