CSRF in Symantec Data_loss_prevention

CVE-2015-1485

Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators.

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.010 (59.3th percentile) — read the EPSS interpretation.

Affected products

Symantec Data_loss_prevention
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

secure@symantec.com (vdb-entry, x_refsource_SECTRACK)
secure@symantec.com (x_refsource_CONFIRM)
secure@symantec.com (vdb-entry, x_refsource_BID, Vendor Advisory)