Symantec: >> Endpoint Protection Manager >> 12.1 Security Vulnerabilities
Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.
CVSS Score
7.8
EPSS Score
0.004
Published
2019-04-25
Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script.
CVSS Score
8.0
EPSS Score
0.008
Published
2016-03-18
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVSS Score
7.5
EPSS Score
0.223
Published
2014-11-07
Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.162
Published
2014-11-07
ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.124
Published
2014-11-07
Page 2