CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

CNVD•added 2015/06/30 12:0 a.m.•2 views

Symantec Data Loss Prevention Enforce Server Cross-Site Request Forgery Vulnerability

Symantec Data Loss Prevention DLP is a data leakage protection solution from Symantec Symantec. The program provides data leakage protection management and reporting and other functions. A cross-site request forgery vulnerability exists in the management console in Enforce Server in Symantec DLP...

6.8CVSS6.8AI score0.00157EPSS

Exploits0References1

CNVD•added 2015/06/30 12:0 a.m.•2 views

Symantec Data Loss Prevention Enforce Server Cross-Site Scripting Vulnerability

Symantec Data Loss Prevention DLP is a data leakage protection solution from Symantec Symantec. The program provides data leakage protection management and reporting and other functions. A cross-site scripting vulnerability exists in the management console in Enforce Server in Symantec DLP versio...

4.3CVSS6.2AI score0.00609EPSS

Exploits0References1

Prion•added 2015/06/28 7:59 p.m.•14 views

Cross site scripting

Cross-site scripting XSS vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention DLP before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.00609EPSS

Exploits0References3Affected Software1

Prion•added 2015/06/28 7:59 p.m.•12 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention DLP before 12.5.2 allows remote attackers to hijack the authentication of administrators...

6.8CVSS7.6AI score0.00157EPSS

Exploits0References3Affected Software1

Cvelist•added 2015/06/28 7:0 p.m.•14 views

CVE-2015-1485

7AI score0.00157EPSS

Exploits0References3

CVE•added 2015/06/28 7:0 p.m.•42 views

CVE-2015-1485

CVE-2015-1485 is a CSRF vulnerability in the administration console of Symantec Data Loss Prevention (DLP) Enforce Server, prior to version 12.5.2. The issue allows a remote attacker to hijack administrator authentication and perform unauthorized operations through forged requests, as stated in m...

6.8CVSS7.3AI score0.00157EPSS

Exploits0References3Affected Software1

CVE•added 2015/06/28 7:0 p.m.•41 views

CVE-2014-9230

The CVE-2014-9230 issue is a cross-site scripting (XSS) vulnerability in the administration console of Symantec Data Loss Prevention (DLP) Enforce Server, prior to version 12.5.2. A remote attacker could inject arbitrary web script or HTML via unspecified vectors in the Enforce Server admin UI. T...

4.3CVSS5.8AI score0.00609EPSS

Exploits0References3Affected Software1

Symantec•added 2015/06/22 8:0 a.m.•33 views

Symantec Data Loss Prevention Enforce Server Administration Console Cross-site Scripting, Cross-site

SUMMARY Symantec's Data Loss Prevention DLP Management Console is potentially susceptible to persistent cross-site scripting XSS issues and a possible cross-site request forgery CSRF in the Enforce Server administration console. Successful exploitation could result in potential unauthorized actio...

6.8CVSS5.9AI score0.00609EPSS

Exploits0Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by