Symantec: >> Management Center >> 2.2 Security Vulnerabilities
A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC.
CVSS Score
5.9
EPSS Score
0.002
Published
2020-04-10
An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-08-30