CVE-2022-25631

Symantec Endpoint Protection, prior to 14.3 RU6 14.3.9210.6000, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated...

CVE-2022-25631

Symantec Endpoint Protection, prior to 14.3 RU6 14.3.9210.6000, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated...

CVE-2019-12757

Symantec Endpoint Protection (SEP) and SEP Small Business Edition (SEP SBE) are affected by CVE-2019-12757, a privilege-escalation flaw in versions before 14.2 RU2 and 12.1 RU6 MP10d (SEP SBE 12.1.7510.7002). The vulnerability allows an attacker with local access to elevate privileges within the ...

Symantec Endpoint Protection Client 12.1.x < 12.1 RU6 MP10 / 14.0.x < 14.0 RU1 MP1 Multiple Vulnerabilities (SYMSA1454)

The version of Symantec Endpoint Protection SEP Client installed on the remote host is 12.1.x prior to 12.1 RU6 MP10 or 14.0.x prior to 14.0 RU1 MP1. It is, therefore, affected by a multiple vulnerabilities as referenced in the advisory. Note that Nessus has not tested for this issue but has...

Race condition

Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition or race hazard. This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events...

CVE-2017-13680

Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in management scripts in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users...

CVE-2016-3647

Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery SSRF attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request...

CVE-2016-3651

CVE-2016-3651 affects Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5. The issue is that remote authenticated users can discover the PHP JSESSIONID value on the web server via unspecified vectors. The vulnerability is listed among multiple SEPM issues and is associated with sessio...

CVE-2016-3649

Symantec Endpoint Protection Manager (SEPM) 12.1.x before RU6 MP5 is vulnerable to CVE-2016-3649, where remote authenticated administrators can enumerate other administrator accounts by sending modified GET requests to the SEPM interface. The issue is categorized under information-disclosure via ...

CVE-2016-3652

Multiple cross-site scripting XSS vulnerabilities in management scripts in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-3651

Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors...

CVE-2016-3650

Symantec Endpoint Protection Manager (SEPM) 12.1.x before RU6 MP5 is vulnerable to a server credentials disclosure (CVE-2016-3650) via brute-force-style weakness when authenticated to the management console. The issue is one of multiple vulnerabilities affecting SEPM 12.1.x; the root cause is exp...

Symantec Endpoint Protection Multiple Security Issues

SUMMARY Symantec Endpoint Protection SEP was susceptible to a number of security vulnerabilities potentially resulting in a user being able to leverage elevated privilege or access to unauthorized files on the management console. Additionally, a race condition in the device control of a SEP clien...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Symantec Endpoint Protection Manager SEPM 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script...

CVE-2015-8153

Symantec Endpoint Protection Manager (SEPM) 12.1 prior to RU6-MP4 is affected by CVE-2015-8153 (SQL injection). Interfaces with the SEPM backend allow a remote authenticated attacker to execute arbitrary SQL via unspecified vectors, potentially impacting data confidentiality, integrity, and avail...

Symantec Endpoint Protection Manager-RU6-MP3任意Java代码执行漏洞

No description provided by source...

Symantec Endpoint Protection Manager-RU6-MP3任意操作系统命令执行漏洞

No description provided by source...

CVE-2015-6554

Symantec Endpoint Protection Manager SEPM 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data...

Symantec Endpoint Protection Multiple Vulnerabilities (Oct 2015)

Symantec Endpoint Protection is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...