The security issue is caused due to the client storing the LiveUpdate Server login name and password to a local log file in clear text. This can be exploited by malicious users to disclose the configured login name and password for accessing the LiveUpdate packages.
Although this vulnerability is classified as : Less Critical. I have posted it so that Admin's get a head's up.
Product version's affected : Symantec AntiVirus Corporate Edition 9.x
Symantec Windows LiveUpdate 2.x
Solution : Update to version 2.7.38.
Original Advisory :