Lucene search

[email protected]CVE-2015-1486

HistoryAug 01, 2015 - 1:59 a.m.

CVE-2015-1486

2015-08-0101:59:03

CWE-287

[email protected]

web.nvd.nist.gov

symantec

endpoint protection manager

cve-2015-1486

sepm

authentication bypass

security vulnerability

6.6 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.616 Medium

EPSS

Percentile

97.8%

JSON

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session.

Affected configurations

NVD

Node

symantecendpoint_protection_managerMatch12.1.0

CPENameOperatorVersion
symantec:endpoint_protection_managersymantec endpoint protection managereq12.1.0

CPE	Name	Operator	Version
symantec:endpoint_protection_manager	symantec endpoint protection manager	eq	12.1.0

References

www.securityfocus.com/bid/76074

www.securitytracker.com/id/1033165

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00

www.exploit-db.com/exploits/37812/

6.6 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.616 Medium

EPSS

Percentile

97.8%

JSON

Related for CVE-2015-1486

dsquare1 nvd1 checkpoint_advisories1 saint4 prion1 cvelist1 zdt2 packetstorm1 nessus2 symantec1 openvas1