CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2018-18367
https://notcve.org/view.php?id=CVE-2018-18367
Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Symantec Endpoint Protection Manager (SEPM), en versiones anteriores e incluyendo a 12.1 RU6 MP9 y anteriores a 14.2 RU1, puede ser susceptible a una vulnerabilidad de precarga de DLL, que es un tipo de problema que puede ocurrir cuando una aplicación busca llamar a una DLL para su ejecución y un atacante proporciona una DLL maliciosa para usar en su lugar. • http://www.securityfocus.com/bid/107996 https://support.symantec.com/en_US/article.SYMSA1479.html • CWE-426: Untrusted Search Path •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3651
https://notcve.org/view.php?id=CVE-2016-3651
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors. Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 permite a usuarios remotos autenticados descubrir el valor JSESSIONID en PHP a través de vectores no especificados. • http://www.securityfocus.com/bid/91445 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5305
https://notcve.org/view.php?id=CVE-2016-5305
Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a "DOM link manipulation" attack. Múltiples vulnerabilidades de XSS en la secuencia de comandos de administración en Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 permiten a usuarios remotos autenticados inyectar secuencia de comandos web o HTML arbitrarios a través de un ataque "manipulación de enlace DOM". • http://www.securityfocus.com/bid/91448 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3649
https://notcve.org/view.php?id=CVE-2016-3649
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests. Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 permite a administradores remotos autenticados enumerar cuentas de administradores a través de peticiones GET modificadas. • http://www.securityfocus.com/bid/91440 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8801
https://notcve.org/view.php?id=CVE-2015-8801
Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device. Condición de carrera en el cliente en Symantec Endpoint Protection (SEP) 12.1 en versiones anteriores a RU6 MP5 permite a usuarios locales eludir restricciones destinadas a transferir archivo a USB llevando a cabo operaciones de sistema de archivos antes de que el administrador de dispositivos SEP reconozca un nuevo dispositivo USB. • http://www.securityfocus.com/bid/91446 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 • CWE-254: 7PK - Security Features CWE-284: Improper Access Control •