CVE-2014-3431

CWE-2645 documents4 sources
Severity
4.3MEDIUM
EPSS
0.0%
top 88.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Symantec Encryption DesktopSymantec PGP Desktop
Timeline
PublishedJun 21
Latest updateMay 17

Description

Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.1 | Impact: 6.4

Affected Packages2 packages

NVDsymantec/encryption_desktop10.3.0, 10.3.1, 10.3.2+2
NVDsymantec/pgp_desktop10 versions+9

🔴Vulnerability Details

2
GHSA
GHSA-c97m-p245-x627: Symantec PGP Desktop 102022-05-17
CVEList
CVE-2014-3431: Symantec PGP Desktop 102014-06-21
CVE-2014-3431 (MEDIUM CVSS 4.3) | Symantec PGP Desktop 10.x | cvebase.io