Published: 18/03/2016 Updated: 03/12/2016

CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8

CVSS v3 Base Score: 8 | Impact Score: 5.9 | Exploitability Score: 2.1

VMScore: 756

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Subscribe to Endpoint Protection Manager

Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script.

Vulnerable Product	Search on Vulmon	Subscribe to Product
symantec endpoint protection manager

Symantec warns of serious security holes – in Symantec security kit

The Register • Shaun Nichols in San Francisco • 18 Mar 2016

Even the gatekeepers need patching

Symantec is advising users of its Endpoint Protection (SEP) software to update their systems, after three vulnerabilities were reported in the computer defense tools. Two of the bugs – a cross-site scripting (XSS) flaw, and a SQL injection vulnerability – are in the SEP Management Console, a web-based portal you can log into over a network or locally on the SEP management server. Both of the programming blunders can be exploited by a user logged into the console to gain higher privileges wit...

CVE-2015-8152

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect