Vulnerabilities > Symantec > Endpoint Protection Manager

DATE CVE VULNERABILITY TITLE RISK
2016-06-30 CVE-2016-3648 7PK - Security Features vulnerability in Symantec Endpoint Protection Manager 12.1.6
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the authorization window.
network
low complexity
symantec CWE-254
8.8
2016-06-30 CVE-2016-3647 Unspecified vulnerability in Symantec Endpoint Protection Manager 12.1.6
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request.
network
low complexity
symantec
7.7
2016-06-30 CVE-2015-8801 Improper Access Control vulnerability in Symantec Endpoint Protection Manager 12.1.6
Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device.
high complexity
symantec CWE-284
2.9
2016-03-18 CVE-2015-8154 Permissions, Privileges, and Access Controls vulnerability in Symantec Endpoint Protection Manager
The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions."
network
low complexity
symantec CWE-264
8.8
2016-03-18 CVE-2015-8153 SQL Injection vulnerability in Symantec Endpoint Protection Manager
SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
symantec CWE-89
8.8
2016-03-18 CVE-2015-8152 Cross-Site Request Forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager 12.1
Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script.
network
low complexity
symantec CWE-352
8.0