CVE-2022-25623
https://notcve.org/view.php?id=CVE-2022-25623
The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations. Symantec Management Agent es susceptible a una vulnerabilidad de escalada de privilegios. Una cuenta local de bajos privilegios puede ser elevada al nivel SYSTEM mediante manipulaciones del registro • https://support.broadcom.com/external/content/SecurityAdvisories/0/20366 •
CVE-2021-30642
https://notcve.org/view.php?id=CVE-2021-30642
An input validation flaw in the Symantec Security Analytics web UI 7.2 prior 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges. Un fallo de comprobación de entrada en la Interfaz de Usuario web de Symantec Security Analytics 7.2 anterior a versión 7.2.7, 8.1, anterior a versión 8.1.3-NSR3, 8.2, anterior a versión 8.2.1-NSR2 o 8.2.2, permite a un atacante remoto no autenticado ejecutar un Sistema Operativo arbitrario comandos en el destino con privilegios elevados • https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA17969 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2020-12593
https://notcve.org/view.php?id=CVE-2020-12593
Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. Symantec Endpoint Detection & Response, versiones anteriores a 4.5, puede ser susceptible a un problema de divulgación de información, que es un tipo de vulnerabilidad que podría permitir un acceso no autorizado a datos • https://github.com/nasbench/CVE-2020-12593 https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Endpoint-Detection-Response-Security-Update/SYMSA16562 •
CVE-2020-5839
https://notcve.org/view.php?id=CVE-2020-5839
Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. Symantec Endpoint Detection And Response, versiones anteriores a 4.4, puede ser susceptible a un problema de divulgación de información, que es un tipo de vulnerabilidad que podría permitir potencialmente un acceso no autorizado a datos • https://github.com/nasbench/CVE-2020-5839 https://support.broadcom.com/security-advisory/content/security-advisories/SEDR-Information-Disclosure/SYMSA16090 •
CVE-2020-5838
https://notcve.org/view.php?id=CVE-2020-5838
Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into web pages viewed by other users. Symantec IT Analytics, versiones anteriores a 2.9.1, puede ser susceptible a una explotación de una vulnerabilidad de tipo cross-site scripting (XSS), que es un tipo de problema que puede potencialmente habilitar a atacantes para inyectar scripts del lado del cliente en páginas web visualizadas por otros usuarios. • https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1766 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •