Symantec Endpoint_protection_manager
30 CVEs affecting Symantec Endpoint_protection_manager. Latest disclosed: 2016-06-30. Critical: 0, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-3650 | High | 8.8 | 2016-06-30 | Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack. |
CVE-2016-3648 | High | 8.8 | 2016-06-30 | Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and c… |
CVE-2015-8154 | High | 8.8 | 2016-03-18 | The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows re… |
CVE-2015-8153 | High | 8.8 | 2016-03-18 | SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL comma… |
CVE-2016-3653 | High | 8.0 | 2016-06-30 | Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remot… |
CVE-2016-3651 | High | 8.0 | 2016-06-30 | Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors. |
CVE-2015-8152 | High | 8.0 | 2016-03-18 | Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack… |
CVE-2016-3647 | High | 7.7 | 2016-06-30 | Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and tr… |
CVE-2016-5304 | Medium | 6.8 | 2016-06-30 | Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users… |
CVE-2016-5305 | Medium | 5.4 | 2016-06-30 | Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authe… |
CVE-2016-3652 | Medium | 5.4 | 2016-06-30 | Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authe… |
CVE-2016-5306 | Medium | 5.3 | 2016-06-30 | Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote att… |
CVE-2016-5307 | Medium | 4.3 | 2016-06-30 | Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files… |
CVE-2016-3649 | Medium | 4.3 | 2016-06-30 | Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET… |
CVE-2015-8801 | Low | 2.9 | 2016-06-30 | Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer… |
CVE-2015-6555 | | 2015-11-12 | Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java p… | |
CVE-2015-6554 | | 2015-11-12 | Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data. | |
CVE-2015-1492 | | 2015-08-01 | Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan h… | |
CVE-2015-1491 | | 2015-08-01 | SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users… | |
CVE-2015-1490 | | 2015-08-01 | Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated… |