CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3650
https://notcve.org/view.php?id=CVE-2016-3650
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack. Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 permite a usuarios remotos autenticados descubrir credenciales a través de ataques de fuerza bruta. • http://www.securityfocus.com/bid/91432 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5306
https://notcve.org/view.php?id=CVE-2016-5306
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445. Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 no implementa adecuadamente el mecanismo de protección HSTS, lo que facilita a atacantes remotos obtener información sensible rastreando la red para tráfico HTTP no destinado en puerto 8445. • http://www.securityfocus.com/bid/91449 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5307
https://notcve.org/view.php?id=CVE-2016-5307
Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors. Vulnerabilidad de salto de directorio en Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 permite a usuarios remotos autenticados leer archivos arbitrarios en el árbol de directorio web-root a través de vectores no especificados. • http://www.securityfocus.com/bid/91443 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3648
https://notcve.org/view.php?id=CVE-2016-3648
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the authorization window. Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 permite a usuarios remotos autenticados eludir el mecanismo de protección Authentication Lock y llevar a cabo ataques para adivinar la contraseña de fuerza bruta contra cuentas de administradores de consola introduciendo datos en la ventana de autorización. • http://www.securityfocus.com/bid/91441 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-5304 – Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-5304
Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en un componente del informe de enrutamiento en Symantec Endpoint Protection Manager (SEPM) 12.1 en versiones anteriores a RU6 MP5 permite a usuarios remotos autenticados redirigir usuarios a páginas web arbitrarias y llevar a cabo ataques de phishing a través de vectores no especificados. Symantec Endpoint Protection Manager and Client version 12.1 suffers from cross site request forgery, cross site scripting, and open redirection vulnerabilities. • https://www.exploit-db.com/exploits/40041 http://www.securityfocus.com/bid/91447 http://www.securitytracker.com/id/1036196 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01 •