CVE-2016-6591

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

7.1HIGH

EPSS

0.1%

top 78.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Norton APP Lock

Timeline

PublishedJan 8

Latest updateMay 24

Description

A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:NExploitability: 0.7 | Impact: 5.8

Affected Packages2 packages

▶NVDsymantec/norton_app_lock1.0.3.186

▶CVEListV5symantec/norton_app_lock1.0.3.186 and earlier

🔴Vulnerability Details

GHSA

GHSA-xm35-85mm-9382: A security bypass vulnerability exists in Symantec Norton App Lock 1↗2022-05-24

▶

CVEList

CVE-2016-6591: A security bypass vulnerability exists in Symantec Norton App Lock 1↗2020-01-08

▶