Search
Total
12 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12759 | 1 Symantec | 2 Endpoint Protection Manager, Mail Security | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
| CVE-2020-5835 | 1 Symantec | 1 Endpoint Protection Manager | 2020-05-14 | 4.4 MEDIUM | 7.0 HIGH |
| Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. | |||||
| CVE-2018-18368 | 1 Symantec | 1 Endpoint Protection Manager | 2019-11-19 | 4.6 MEDIUM | 7.8 HIGH |
| Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
| CVE-2018-18367 | 1 Symantec | 1 Endpoint Protection Manager | 2019-05-03 | 6.8 MEDIUM | 7.8 HIGH |
| Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. | |||||
| CVE-2016-3653 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-03 | 6.0 MEDIUM | 8.0 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users. | |||||
| CVE-2016-3651 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-01 | 6.0 MEDIUM | 8.0 HIGH |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors. | |||||
| CVE-2016-3647 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-01 | 4.0 MEDIUM | 7.7 HIGH |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request. | |||||
| CVE-2016-3648 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the authorization window. | |||||
| CVE-2016-3650 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack. | |||||
| CVE-2015-8152 | 1 Symantec | 1 Endpoint Protection Manager | 2016-12-03 | 8.5 HIGH | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script. | |||||
| CVE-2015-8154 | 1 Symantec | 1 Endpoint Protection Manager | 2016-12-03 | 9.3 HIGH | 8.8 HIGH |
| The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions." | |||||
| CVE-2015-8153 | 1 Symantec | 1 Endpoint Protection Manager | 2016-12-03 | 8.3 HIGH | 8.8 HIGH |
| SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||