CVE-2018-18367
https://notcve.org/view.php?id=CVE-2018-18367
Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.
• http://www.securityfocus.com/bid/107996
• https://support.symantec.com/en_US/article.SYMSA1479.html
• CWE-426: Untrusted Search Path
CVE-2016-5305
https://notcve.org/view.php?id=CVE-2016-5305
Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a "DOM link manipulation" attack.
• http://www.securityfocus.com/bid/91448
• http://www.securitytracker.com/id/1036196
• https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-3650
https://notcve.org/view.php?id=CVE-2016-3650
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack.
• http://www.securityfocus.com/bid/91432
• http://www.securitytracker.com/id/1036196
• https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-254: 7PK - Security Features
CVE-2016-3649
https://notcve.org/view.php?id=CVE-2016-3649
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests.
• http://www.securityfocus.com/bid/91440
• http://www.securitytracker.com/id/1036196
• https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-3647
https://notcve.org/view.php?id=CVE-2016-3647
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request.
• http://www.securityfocus.com/bid/91433
• http://www.securitytracker.com/id/1036196
• https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01