Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
symantec management console vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv2
CVE-2015-1487
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 prior to 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename.
Symantec Endpoint Protection Manager 12.1.0
1 EDB exploit
5.5
CVSSv2
CVE-2015-1490
Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 prior to 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package.
Symantec Endpoint Protection Manager 12.1.0
5.2
CVSSv2
CVE-2017-6323
The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data,...
Symantec Management Console 7.6
Symantec Management Console 8.0
Symantec Management Console
5.2
CVSSv2
CVE-2017-15527
Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing ...
Symantec Management Console
5.2
CVSSv2
CVE-2014-1650
SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) prior to 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Symantec Web Gateway
5
CVSSv2
CVE-2017-13677
Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes.
Broadcom Advanced Secure Gateway
Broadcom Symantec Proxysg
5
CVSSv2
CVE-2017-10349
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network acc...
Oracle Jdk 1.9.0
Oracle Jre 1.9.0
Oracle Jdk 1.8.0
Oracle Jdk 1.7.0
Oracle Jdk 1.6.0
Oracle Jre 1.6.0
Oracle Jre 1.8.0
Oracle Jre 1.7.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Server Tus 7.4
Redhat Enterprise Linux Eus 7.4
Redhat Enterprise Linux Eus 7.5
Redhat Satellite 5.8
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Eus 7.6
5
CVSSv2
CVE-2012-4347
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSe...
Symantec Messaging Gateway 9.5.2
Symantec Messaging Gateway 9.5.4
Symantec Messaging Gateway 9.5.1
Symantec Messaging Gateway 9.5.3
Symantec Messaging Gateway 9.5
1 EDB exploit
5
CVSSv2
CVE-2012-2977
The management console in Symantec Web Gateway 5.0.x prior to 5.0.3.18 allows remote malicious users to change arbitrary passwords via crafted input to an application script.
Symantec Web Gateway 5.0.2
Symantec Web Gateway 5.0
Symantec Web Gateway 5.0.1
Symantec Web Gateway 5.0.3
2 EDB exploits
4.7
CVSSv2
CVE-2013-1613
SQL injection vulnerability in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x prior to 4.8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Symantec Security Information Manager 4.7.0
Symantec Security Information Manager 4.7.1
Symantec Security Information Manager 4.7.3
Symantec Security Information Manager 4.8.0
Symantec Security Information Manager 4.7.4
Symantec Security Information Manager 4.7.2
Symantec Security Information Manager Appliance -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »