CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23958 – Symantec Protection Engine Hash Leak Vulnerability
https://notcve.org/view.php?id=CVE-2023-23958
Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability. Symantec Protection Engine, versiones anteriores a 9.1.0, puede ser susceptible a una vulnerabilidad de Hash Leak. • https://support.broadcom.com/external/content/SecurityAdvisories/0/22599 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23957 – Open Redirection Vulnerability in Symantec Identity Portal 14.4
https://notcve.org/view.php?id=CVE-2023-23957
An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4 Un usuario autenticado puede ver y modificar el valor del parámetro de consulta 'next' en Symantec Identity Portal 14.4 • https://support.broadcom.com/external/content/SecurityAdvisories/0/22544 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25629
https://notcve.org/view.php?id=CVE-2022-25629
An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column). Un usuario autenticado que tiene el privilegio de agregar/editar anotaciones en la pestaña Contenido puede crear una anotación maliciosa que se puede ejecutar en la página de anotaciones (columna de texto de anotación). • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21115 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25630 – Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-25630
An authenticated user can embed malicious content with XSS into the admin group policy page. Un usuario autenticado puede incrustar contenido malicioso con XSS en la página de política del grupo de administración. Symantec Messaging Gateway version 10.7.4 suffers from a persistent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/51342 http://packetstormsecurity.com/files/171781/Symantec-Messaging-Gateway-10.7.4-Cross-Site-Scripting.html https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21117 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37015
https://notcve.org/view.php?id=CVE-2022-37015
Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. El dispositivo Symantec Endpoint Detection and Response (SEDR), anterior a 4.7.0, puede ser susceptible a una vulnerabilidad de escalada de privilegios, que es un tipo de problema por el cual un atacante puede intentar comprometer la aplicación de software para obtener acceso elevado a recursos que normalmente son protegido de una aplicación o usuario. • https://support.broadcom.com/external/content/SecurityAdvisories/0/21005 •