Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in management scripts in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users...

CVE-2016-3649

Symantec Endpoint Protection Manager (SEPM) 12.1.x before RU6 MP5 is vulnerable to CVE-2016-3649, where remote authenticated administrators can enumerate other administrator accounts by sending modified GET requests to the SEPM interface. The issue is categorized under information-disclosure via ...

CVE-2016-3647

Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery SSRF attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request...

CVE-2016-3652

Multiple cross-site scripting XSS vulnerabilities in management scripts in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-3651

CVE-2016-3651 affects Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5. The issue is that remote authenticated users can discover the PHP JSESSIONID value on the web server via unspecified vectors. The vulnerability is listed among multiple SEPM issues and is associated with sessio...

CVE-2016-3651

Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors...

Symantec Endpoint Protection Multiple Security Issues

SUMMARY Symantec Endpoint Protection SEP was susceptible to a number of security vulnerabilities potentially resulting in a user being able to leverage elevated privilege or access to unauthorized files on the management console. Additionally, a race condition in the device control of a SEP clien...