Vulnerabilities > Symantec > Endpoint Protection Manager > High

DATE CVE VULNERABILITY TITLE RISK
2016-03-18 CVE-2015-8153 SQL Injection vulnerability in Symantec Endpoint Protection Manager
SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
symantec CWE-89
8.8
2016-03-18 CVE-2015-8152 Cross-Site Request Forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager 12.1
Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script.
network
low complexity
symantec CWE-352
8.0