Changeflow GovPing Data Privacy & Cybersecurity Symantec Data Loss Prevention Privilege Escalat...
Priority review Guidance Added Final

Symantec Data Loss Prevention Privilege Escalation Vulnerability

Favicon for wid.cert-bund.de CERT-Bund Security Advisories
Published March 30th, 2026
Detected March 31st, 2026
Email

Summary

CERT-Bund issued security advisory WID-SEC-2026-0921 warning of a local privilege escalation vulnerability in Symantec Data Loss Prevention products. The vulnerability carries a CVSS Base Score of 7.8 (high). Affected versions include DLP releases prior to 16.0 RU1 MP1 HF12, 16.0 RU2 HF9, 16.1 MP2, 25.1 MP1, and 16.0 MP2 HF15. Mitigations are available.

View original document View source feed page

What changed

CERT-Bund published an advisory identifying a local privilege escalation vulnerability in Symantec Data Loss Prevention across multiple product versions. The flaw enables a local attacker to elevate privileges; remote exploitation is not possible. CVSS scores are 7.8 (Base) and 6.8 (Temporal).

Organizations using Symantec DLP should identify whether their installations run affected versions and apply available mitigations or patches. Priority patching is recommended for environments handling sensitive data.

What to do next

  1. Audit Symantec DLP installations against affected version list
  2. Apply available patches or mitigations to vulnerable systems
  3. Prioritize patching in high-security environments processing sensitive data

Source document (simplified)

[WID-SEC-2026-0921] Symantec Data Loss Prevention: Schwachstelle ermöglicht Privilegieneskalation CVSS Base Score 7.8 (hoch) CVSS Temporal Score 6.8 (mittel) Remoteangriff nein Datum 30.03.2026 Stand 31.03.2026 Mitigation ja

Betroffene Systeme

Betriebssystem

  • Linux
  • Sonstiges
  • UNIX
  • Windows

Produktbeschreibung

Symantec Data Loss Prevention Produkte sollen den Verlust von vertraulichen Informationen verhindern und melden.

Produkte

30.03.2026
- Symantec Data Loss Prevention <DLP 16.0 RU1 MP1 HF12

  • Symantec Data Loss Prevention <DLP 16.0 RU2 HF9

  • Symantec Data Loss Prevention <DLP 16.1 MP2

  • Symantec Data Loss Prevention <DLP 25.1 MP1

  • Symantec Data Loss Prevention <DLP 16.0 MP2 HF15

Angriff

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in Symantec Data Loss Prevention ausnutzen, um seine Privilegien zu erhöhen. CVE Informationen Versionshistorie Feedback zum Advisory geben

Related changes

Favicon for wid.cert-bund.de MongoDB DoS Vulnerability Advisory - CVSS 5.3
Routine Mar 31, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de GNU libc Denial of Service Vulnerability
Priority review Mar 31, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de IBM DataPower Gateway Multiple Vulnerabilities Allow DoS and Data Manipulation
Priority review Mar 31, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for changeflow.com Zero-Trust Policy Generation via Application Segmentation
Routine Mar 31, 2026 ChangeBridge: Patent Grants - Networking (H04L) Telecom & Technology
Favicon for www.cisa.gov Critical Authentication Bypass in PX4 Autopilot MAVLink Protocol
Urgent Mar 31, 2026 CISA ICS-CERT Advisories Data Privacy & Cybersecurity
Favicon for www.cisa.gov Critical Authentication Bypass Vulnerability in Anritsu Remote Spectrum Monitor
Urgent Mar 31, 2026 CISA ICS-CERT Advisories Data Privacy & Cybersecurity

Source

Favicon for wid.cert-bund.de
CERT-Bund Security Advisories wid.cert-bund.de/content/public/securityAdvisory/rss
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-Bund
Published
March 30th, 2026
Instrument
Guidance
Legal weight
Non-binding
Stage
Final
Change scope
Minor
Document ID
WID-SEC-2026-0921

Who this affects

Applies to
Technology companies Government agencies
Industry sector
5112 Software & Technology
Activity scope
Software Vulnerability Management Patch Management
Geographic scope
Germany DE

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Data Privacy Software Security

Browse Categories

Agriculture & Food Safety 63 AI Regulation 3 Banking & Finance 266 Consumer & Competition 1 Consumer Protection 44 Courts & Legal 360 Data Privacy & Cybersecurity 74 Defense & National Security 52 Education 20 Energy 107 Environment 85 Government & Legislation 327 Healthcare 136 Housing 16 Immigration 9 Insurance 58 Labor & Employment 114 Legal & Courts 1 Pharma & Drug Safety 103 Securities & Markets 104 Tax 65 Tax & Revenue 1 Telecom & Technology 47 Trade & Sanctions 124 Transportation 57

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CERT-Bund Security Advisories publishes new changes.

Optional. Personalizes your daily digest.

Free. Unsubscribe anytime.