12 matches found
CVE-2018-18368
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an...
CVE-2018-18368
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an...
CVE-2018-18368
Symantec Endpoint Protection Manager (SEPM) is affected by a local privilege escalation vulnerability (CVE-2018-18368) that exists in SEPM prior to 14.2 RU1. An attacker with local access could gain elevated privileges. Remediation is to upgrade to SEPM/SEP 14.2 RU1 (or RU2 where applicable) and ...
Symantec Endpoint Protection Manager CVE-2018-18368 Local Privilege Escalation Vulnerability
Description Symantec Endpoint Protection Manager is prone to a local privilege-escalation vulnerability. A local attacker can leverage this issue to gain elevated privileges. Symantec Endpoint Protection Manager versions prior to 14.2 RU1 are vulnerable. Technologies Affected Symantec Endpoint...
Symantec Endpoint Protection Client 12.1.x < 12.1 RU6 MP10 / 14.0.x < 14.0 RU1 MP1 Multiple Vulnerabilities (SYMSA1454)
The version of Symantec Endpoint Protection (SEP) Client installed on the remote host is 12.1.x prior to 12.1 RU6 MP10 or 14.0.x prior to 14.0 RU1 MP1. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory. Note that Nessus has not tested for this issue but has...
Race condition
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition or race hazard. This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events...
Server side request forgery (SSRF)
The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0POSTHF6, and ITMS 7.6POSTHF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service,...
CVE-2017-13680
Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system...
Symantec Management Console Multiple XSS and XXE Vulnerabilities (SYM17-005)
The version of Symantec Manager Console running on the remote host is earlier than ITM 8.1 RU1, ITMS 8.0POSTHF6 or ITMS 7.6POSTHF7 and is therefore affected by multiple cross-site scripting (XSS) and XML External Entity (XXE) processing vulnerabilities. (C) Tenable Network Security, Inc...
Symantec Management Console XSS/XXE Issues
SUMMARY Symantec has released an update to address two issues that were discovered in the Symantec Management Console. AFFECTED PRODUCTS Symantec Management Console --- CVE | Affected Versions | Remediation CVE-2017-6322 CVE-2017-6323 | Prior to ITMS 8.1 RU1, ITMS 8.0POSTHF6 & ITMS 7.6POSTHF7 |...
Symantec Endpoint Protection Manager < 12.1 RU1 MP1 (SYM12-008) (credentialed check)
The version of Symantec Endpoint Protection Manager installed on the remote host is less than 12.1 RU1 MP1 (12.1.1101) and has the following vulnerabilities: - An arbitrary file deletion issue exists via directory traversal attacks. (CVE-2012-0294) - A file inclusion vulnerability exists that could...
Symantec Endpoint Protection Manager Cross-Site Request Forgery and Cross-Site Scripting
SUMMARY Symantec Endpoint Protection Manager 12.1 web console is susceptible to cross-site scripting and cross-site request forgery that could potentially lead to arbitrary code execution. AFFECTED PRODUCTS Product | Version | Build | Solutions ---|---|---|--- Symantec Endpoint Protection | 12.1 ...