CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-4088 – Blind SQL injection in DLP ePO extension
https://notcve.org/view.php?id=CVE-2021-4088
24 Jan 2022 — SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server with privilege escalation. Una vulnerabilidad de inyección SQL en la extensión de ePO de Data Loss Protection (DLP) versiones 11.8.x anteriores a 11.8.100, versiones 11.7.x anteriores a 11.7.101 y versiones 11.6.4... • https://kc.mcafee.com/corporate/index?page=content&id=SB10376 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2014-9230
https://notcve.org/view.php?id=CVE-2014-9230
28 Jun 2015 — Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la consola de administración en Enforce Server en Symantec Data Loss Prevention (DLP) anterior a 12.5.2 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • http://www.securityfocus.com/bid/75288 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1485
https://notcve.org/view.php?id=CVE-2015-1485
28 Jun 2015 — Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators. Vulnerabilidad de CSRF en la consola de administración en Enforce Server en Symantec Data Loss Prevention (DLP) anterior a 12.5.2 permite a atacantes remotos secuestrar la autenticación de administradores. • http://www.securityfocus.com/bid/75289 • CWE-352: Cross-Site Request Forgery (CSRF) •