Vulnerabilities > Symantec
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-27 | CVE-2023-23958 | Unspecified vulnerability in Symantec Protection Engine Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability. | 6.5 |
| 2023-09-19 | CVE-2023-23957 | Open Redirect vulnerability in Symantec Identity Portal 14.4 An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4 | 5.4 |
| 2022-12-09 | CVE-2022-25629 | Cross-site Scripting vulnerability in Symantec Messaging Gateway An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column). | 5.4 |
| 2022-12-09 | CVE-2022-25630 | Cross-site Scripting vulnerability in Symantec Messaging Gateway An authenticated user can embed malicious content with XSS into the admin group policy page. | 5.4 |
| 2022-11-08 | CVE-2022-37015 | Unspecified vulnerability in Symantec Endpoint Detection and Response Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 9.8 |
| 2022-03-04 | CVE-2022-25623 | Unspecified vulnerability in Symantec Management Agent 8.5/8.6 The Symantec Management Agent is susceptible to a privilege escalation vulnerability. | 7.8 |
| 2021-04-27 | CVE-2021-30642 | OS Command Injection vulnerability in Symantec Security Analytics 7.2.1/7.2.2/7.2.3 An input validation flaw in the Symantec Security Analytics web UI 7.2 prior 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges. | 10.0 |
| 2020-11-18 | CVE-2020-12593 | Unspecified vulnerability in Symantec Endpoint Detection and Response Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | 5.0 |
| 2020-07-08 | CVE-2020-5839 | Information Exposure vulnerability in Symantec Endpoint Detection and Response 4.1.0/4.2.0/4.3.0 Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | 5.0 |
| 2020-05-13 | CVE-2020-5838 | Cross-site Scripting vulnerability in Symantec IT Analytics Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into web pages viewed by other users. | 3.5 |