9 matches found
CVE-2018-5243
CVE-2018-5243 affects the Symantec Encryption Management Server (SEMS) prior to version 3.4.2 MP1 . The issue is described as a denial-of-service vulnerability; the exact root cause is not detailed in the provided documents. Impact is listed as DoS with partial to high availability impact dependi...
CVE-2014-1643
Symantec Encryption Management Server (aka PGP Universal Server) Web Email Protection prior to 3.3.2 is vulnerable: an authenticated Web Messenger/Remote user can alter a URL to view another user’s stored outbound emails due to a flaw in Web Email Protection’s access restrictions. Affected versio...
CVE-2015-8148
CVE-2015-8148 affects Symantec Encryption Management Server (SEMS) LDAP service. SEMS 3.3.2 before MP12 is vulnerable to an information-disclosure via crafted LDAP requests that allows an unauthenticated remote attacker to obtain sensitive information about administrator accounts. This is part of...
CVE-2014-7288
Symantec Encryption Management Server (and PGP Universal Server) prior to 3.3.2 MP7 is affected by CVE-2014-7288. The issue allows an authenticated administrator to execute arbitrary shell commands via a crafted database-backup restore command. OpenVAS identifies it as a local command-injection v...
CVE-2015-8151
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 is affected by CVE-2015-8151, a web UI command-injection vulnerability. An authenticated remote user with console administrator access can cause arbitrary OS commands to run with elevated privileges due to improper input sanitization ...
CVE-2015-8149
The CVE-2015-8149 entry concerns Symantec Encryption Management Server (SEMS) LDAP service. Affects SEMS 3.3.2 prior to MP12; the LDAP service can be exploited remotely by sending crafted LDAP requests to trigger heap memory corruption and a service outage (DoS). The issue is described as a remot...
CVE-2014-7287
CVE-2014-7287 affects Symantec Encryption Management Server (aka Symantec PGP Universal Server) before 3.3.2 MP7. The root cause is in the key-management component, where specially formatted PGP key UIDs in inbound mail can trigger unintended content in outbound emails (e.g., manipulated Subject/...
CVE-2015-8150
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 is affected by CVE-2015-8150, a local-privilege-elevation flaw. According to the sources, a local attacker can gain root access by modifying a batch file that normally runs with root privileges. The issue is part of multiple vulnerabi...
CVE-2013-4674
CVE-2013-4674 is an XSS vulnerability in Symantec Encryption Management Server (formerly PGP Universal Server), specifically in the Web Email Protection component. The issue affects versions before 3.3.0 MP2 where remote authenticated users could inject arbitrary web script or HTML via a crafted ...