
CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy. • https://support.symantec.com/us/en/article.SYMSA1491.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. • http://www.securityfocus.com/bid/107692 https://support.symantec.com/en_US/article.SYMSA1477.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, the application will generally follow a specific search path to locate the DLL. The exploitation of the vulnerability manifests as a simple file write (or potentially an over-write) which results in a foreign executable running under the context of the application. • http://www.securityfocus.com/bid/100200 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170821_00 • CWE-427: Uncontrolled Search Path Element

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code. Symantec VIP Access versions prior to 2.2.2 suffer from an arbitrary dll execution vulnerability. • http://packetstormsecurity.com/files/140098/Symantec-VIP-Access-Arbitrary-DLL-Execution.html http://www.securityfocus.com/archive/1/539889/100/0/threaded http://www.securityfocus.com/bid/94731 https://support.symantec.com/us/en/article.symsa1388.html • CWE-426: Untrusted Search Path