Lucene search

[email protected]CVE-2015-1485

HistoryJun 28, 2015 - 7:59 p.m.

CVE-2015-1485

2015-06-2819:59:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2015-1485

csrf

vulnerability

symantec

dlp

administration console

enforce server

authentication

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

46.3%

JSON

Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators.

CPENameOperatorVersion
symantec:data_loss_preventionsymantec data loss preventionle12.5.1

CPE	Name	Operator	Version
symantec:data_loss_prevention	symantec data loss prevention	le	12.5.1

References

www.securityfocus.com/bid/75289

www.securitytracker.com/id/1032710

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150622_00

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

46.3%

JSON

Related for CVE-2015-1485

prion1 cvelist1 symantec1