A vulnerability scan has been run against a Symantec application, and one or more Common Vulnerabilities and Exposures (CVE) were reported by the scanner.
Symantec performs internal vulnerability scans of its products as part of the development and QA process, but recognizes the value of our customers doing independent validation of their organization's security posture.
To ensure that your organization is getting an accurate report, please consider the following:
Run vulnerability scans against the latest release with all appropriate patches applied.
Run vulnerability scans against the normal operating configuration of the product.
Run vulnerability scans with a fully updated scanner that has the most recent set of signatures.
Even when these best practices are followed, a vulnerability scan may return some CVEs or other vulnerabilities. For some products, Symantec patches vulnerabilities in libraries or protocols without updating the library or software version. This can result in false positives from vulnerability scanners that perform an unsophisticated port and version number scan.
When contacting Symantec regarding the results of a vulnerability scan, please provide the full scan report, as well as details on the scanning software and version.