CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3647
https://notcve.org/view.php?id=CVE-2016-3647
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request. Symantec Endpoint Protection Manager (SEPM) en versiones anteriores a RU6 MP5 permite a usuarios remotos autenticados llevar a cabo ataques de falsificación de solicitud del lado del servidor (SSRF) y desencadenar tráfico de red en el host de la intranet arbitraria a través de una petición manipulada. • http://www.securityfocus.com/bid/91433 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3650
https://notcve.org/view.php?id=CVE-2016-3650
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack. Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 permite a usuarios remotos autenticados descubrir credenciales a través de ataques de fuerza bruta. • http://www.securityfocus.com/bid/91432 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5306
https://notcve.org/view.php?id=CVE-2016-5306
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445. Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 no implementa adecuadamente el mecanismo de protección HSTS, lo que facilita a atacantes remotos obtener información sensible rastreando la red para tráfico HTTP no destinado en puerto 8445. • http://www.securityfocus.com/bid/91449 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5307
https://notcve.org/view.php?id=CVE-2016-5307
Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors. Vulnerabilidad de salto de directorio en Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 permite a usuarios remotos autenticados leer archivos arbitrarios en el árbol de directorio web-root a través de vectores no especificados. • http://www.securityfocus.com/bid/91443 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3648
https://notcve.org/view.php?id=CVE-2016-3648
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the authorization window. Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 permite a usuarios remotos autenticados eludir el mecanismo de protección Authentication Lock y llevar a cabo ataques para adivinar la contraseña de fuerza bruta contra cuentas de administradores de consola introduciendo datos en la ventana de autorización. • http://www.securityfocus.com/bid/91441 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •