Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
symantec endpoint protection manager 12.1 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2016-5305
Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a "DOM link manipulation" attack.
Symantec Endpoint Protection Manager
8.8
CVSSv3
CVE-2016-3648
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the authorization...
Symantec Endpoint Protection Manager
2.9
CVSSv3
CVE-2015-8801
Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device.
Symantec Endpoint Protection Manager
8
CVSSv3
CVE-2015-8152
Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script.
Symantec Endpoint Protection Manager
1 Article
8.8
CVSSv3
CVE-2015-8154
The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote malicious users to execute arbitrary code via a crafted HTML document, related to "RWX Permissions."
Symantec Endpoint Protection Manager
1 Article
5.3
CVSSv3
CVE-2016-5306
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote malicious users to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445.
Symantec Endpoint Protection Manager
NA
CVE-2015-1489
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 prior to 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors.
Symantec Endpoint Protection Manager 12.1.0
1 EDB exploit
NA
CVE-2015-1488
An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 prior to 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors.
Symantec Endpoint Protection Manager 12.1.0
NA
CVE-2015-1491
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 prior to 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Symantec Endpoint Protection Manager 12.1.0
NA
CVE-2015-1486
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 prior to 12.1-RU6-MP1 allows remote malicious users to bypass authentication via a crafted password-reset action that triggers a new administrative session.
Symantec Endpoint Protection Manager 12.1.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »