Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Endpoint_protection_manager
(Symantec)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 41 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2016-06-30 | CVE-2016-3648 | Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the authorization window. | Endpoint_protection_manager | 8.8 | ||
2016-06-30 | CVE-2016-3647 | Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request. | Endpoint_protection_manager | 7.7 | ||
2016-06-30 | CVE-2015-8801 | Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device. | Endpoint_protection_manager | 2.9 | ||
2016-03-18 | CVE-2015-8154 | The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions." | Endpoint_protection_manager | 8.8 | ||
2016-03-18 | CVE-2015-8153 | SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | Endpoint_protection_manager | 8.8 | ||
2016-03-18 | CVE-2015-8152 | Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script. | Endpoint_protection_manager | 8.0 | ||
2015-11-12 | CVE-2015-6555 | Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port. | Endpoint_protection_manager | N/A | ||
2015-11-12 | CVE-2015-6554 | Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data. | Endpoint_protection_manager | N/A | ||
2015-07-31 | CVE-2015-1492 | Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package. | Endpoint_protection_manager | N/A | ||
2015-07-31 | CVE-2015-1491 | SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | Endpoint_protection_manager | N/A |