Vulnerabilities > Symantec

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-23958 Unspecified vulnerability in Symantec Protection Engine
Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability.
network
low complexity
symantec
6.5
2023-09-19 CVE-2023-23957 Open Redirect vulnerability in Symantec Identity Portal 14.4
An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4
network
low complexity
symantec CWE-601
5.4
2022-12-09 CVE-2022-25629 Cross-site Scripting vulnerability in Symantec Messaging Gateway
An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column).
network
low complexity
symantec CWE-79
5.4
2022-12-09 CVE-2022-25630 Cross-site Scripting vulnerability in Symantec Messaging Gateway
An authenticated user can embed malicious content with XSS into the admin group policy page.
network
low complexity
symantec CWE-79
5.4
2022-11-08 CVE-2022-37015 Unspecified vulnerability in Symantec Endpoint Detection and Response
Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
network
low complexity
symantec
critical
9.8
2022-03-04 CVE-2022-25623 Unspecified vulnerability in Symantec Management Agent 8.5/8.6
The Symantec Management Agent is susceptible to a privilege escalation vulnerability.
local
low complexity
symantec
7.8
2021-04-27 CVE-2021-30642 OS Command Injection vulnerability in Symantec Security Analytics 7.2.1/7.2.2/7.2.3
An input validation flaw in the Symantec Security Analytics web UI 7.2 prior 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges.
network
low complexity
symantec CWE-78
critical
10.0
2020-11-18 CVE-2020-12593 Unspecified vulnerability in Symantec Endpoint Detection and Response
Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
network
low complexity
symantec
5.0
2020-07-08 CVE-2020-5839 Information Exposure vulnerability in Symantec Endpoint Detection and Response 4.1.0/4.2.0/4.3.0
Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
network
low complexity
symantec CWE-200
5.0
2020-05-13 CVE-2020-5838 Cross-site Scripting vulnerability in Symantec IT Analytics
Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into web pages viewed by other users.
network
symantec CWE-79
3.5