Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Data Loss Prevention by Broadcom

    CVE-2026-3991 (GCVE-0-2026-3991)

    Vulnerability from nvd – Published: 2026-03-30 18:27 – Updated: 2026-03-31 13:49
    VLAI
    Title
    Elevation of Privileges in Symantec Data Loss Prevention Windows Endpoint
    Summary
    Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-829 - Inclusion of functionality from untrusted control sphere
    Assigner
    References
    Impacted products
    Vendor Product Version
    Broadcom Data Loss Prevention Unaffected: 25.1.00100.60229
    Unaffected: 16.1.00200.60431
    Unaffected: 16.0.20009.60689
    Unaffected: 16.0.10112.60928
    Unaffected: 16.0.00215.62094
    Create a notification for this product.
    Date Public
    2026-03-30 19:00
    Credits
    Manuel Feifel
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3991",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-31T03:55:43.418048Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T13:49:39.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "Data Loss Prevention",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "25.1.00100.60229"
                },
                {
                  "status": "unaffected",
                  "version": "16.1.00200.60431"
                },
                {
                  "status": "unaffected",
                  "version": "16.0.20009.60689"
                },
                {
                  "status": "unaffected",
                  "version": "16.0.10112.60928"
                },
                {
                  "status": "unaffected",
                  "version": "16.0.00215.62094"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Manuel Feifel"
            }
          ],
          "datePublic": "2026-03-30T19:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
                }
              ],
              "value": "Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-829",
                  "description": "CWE-829 Inclusion of functionality from untrusted control sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-30T18:27:31.430Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37306"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Elevation of Privileges in Symantec Data Loss Prevention Windows Endpoint",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2026-3991",
        "datePublished": "2026-03-30T18:27:31.430Z",
        "dateReserved": "2026-03-11T16:47:38.735Z",
        "dateUpdated": "2026-03-31T13:49:39.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3991 (GCVE-0-2026-3991)

    Vulnerability from cvelistv5 – Published: 2026-03-30 18:27 – Updated: 2026-03-31 13:49
    VLAI
    Title
    Elevation of Privileges in Symantec Data Loss Prevention Windows Endpoint
    Summary
    Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-829 - Inclusion of functionality from untrusted control sphere
    Assigner
    References
    Impacted products
    Vendor Product Version
    Broadcom Data Loss Prevention Unaffected: 25.1.00100.60229
    Unaffected: 16.1.00200.60431
    Unaffected: 16.0.20009.60689
    Unaffected: 16.0.10112.60928
    Unaffected: 16.0.00215.62094
    Create a notification for this product.
    Date Public
    2026-03-30 19:00
    Credits
    Manuel Feifel
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3991",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-31T03:55:43.418048Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T13:49:39.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "Data Loss Prevention",
              "vendor": "Broadcom",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "25.1.00100.60229"
                },
                {
                  "status": "unaffected",
                  "version": "16.1.00200.60431"
                },
                {
                  "status": "unaffected",
                  "version": "16.0.20009.60689"
                },
                {
                  "status": "unaffected",
                  "version": "16.0.10112.60928"
                },
                {
                  "status": "unaffected",
                  "version": "16.0.00215.62094"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Manuel Feifel"
            }
          ],
          "datePublic": "2026-03-30T19:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
                }
              ],
              "value": "Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-829",
                  "description": "CWE-829 Inclusion of functionality from untrusted control sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-30T18:27:31.430Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37306"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Elevation of Privileges in Symantec Data Loss Prevention Windows Endpoint",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2026-3991",
        "datePublished": "2026-03-30T18:27:31.430Z",
        "dateReserved": "2026-03-11T16:47:38.735Z",
        "dateUpdated": "2026-03-31T13:49:39.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }