Skip to main content

Endpoint Protection Manager

39 CVEs product

Monthly

CVE-2020-5835 HIGH This Week

Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-5834 MEDIUM This Month

Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Endpoint Protection Manager
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-5833 LOW Monitor

Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2020-5831 LOW Monitor

Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2020-5830 LOW Monitor

Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2020-5829 LOW Monitor

Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2020-5828 LOW Monitor

Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2020-5827 LOW Monitor

Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2019-12759 HIGH PATCH This Week

Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Endpoint Protection Manager Mail Security
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2016-5307 MEDIUM This Month

Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Endpoint Protection Manager
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-5306 MEDIUM This Month

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-5305 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Endpoint Protection Manager
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2016-5304 MEDIUM POC This Month

Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Endpoint Protection Manager
NVD Exploit-DB
CVSS 3.0
6.8
EPSS
7.1%
CVE-2016-3653 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Endpoint Protection Manager
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
0.2%
CVE-2016-3652 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Endpoint Protection Manager
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.9%
CVE-2016-3651 HIGH This Week

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.0
8.0
EPSS
1.5%
CVE-2016-3650 HIGH This Week

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-3649 MEDIUM This Month

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2016-3648 HIGH This Week

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2016-3647 HIGH This Week

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Endpoint Protection Manager
NVD
CVSS 3.0
7.7
EPSS
0.2%
CVE-2015-8801 LOW Monitor

Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations. Rated low severity (CVSS 2.9). No vendor patch available.

Authentication Bypass Endpoint Protection Manager
NVD
CVSS 3.0
2.9
EPSS
0.1%
CVE-2015-8154 HIGH This Week

The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Endpoint Protection Manager
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2015-8153 HIGH This Week

SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Endpoint Protection Manager
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2015-8152 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF RCE Endpoint Protection Manager
NVD
CVSS 3.0
8.0
EPSS
0.8%
CVE-2015-6555 HIGH This Week

Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Java RCE Code Injection Endpoint Protection Manager
NVD
CVSS 2.0
8.5
EPSS
1.6%
CVE-2015-6554 HIGH This Week

Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Endpoint Protection Manager
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2015-1492 HIGH This Week

Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD
CVSS 2.0
8.5
EPSS
0.8%
CVE-2015-1491 MEDIUM This Month

SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

SQLi Endpoint Protection Manager
NVD
CVSS 2.0
6.0
EPSS
1.0%
CVE-2015-1490 MEDIUM This Month

Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Endpoint Protection Manager
NVD
CVSS 2.0
5.5
EPSS
2.3%
CVE-2015-1489 HIGH POC THREAT Act Now

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 60.8%.

Privilege Escalation Endpoint Protection Manager
NVD Exploit-DB
CVSS 2.0
8.5
EPSS
60.8%
Threat
5.0
CVE-2015-1488 MEDIUM This Month

An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2015-1487 MEDIUM POC THREAT This Month

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.2%.

Information Disclosure Endpoint Protection Manager
NVD Exploit-DB
CVSS 2.0
5.5
EPSS
51.2%
Threat
4.1
CVE-2015-1486 HIGH POC THREAT Act Now

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.5%.

Authentication Bypass Endpoint Protection Manager
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
78.5%
Threat
5.4
CVE-2014-3439 MEDIUM POC This Month

ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD Exploit-DB
CVSS 2.0
6.1
EPSS
9.9%
CVE-2014-3438 MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.7%.

XSS Endpoint Protection Manager
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
13.7%
CVE-2014-3437 HIGH POC THREAT Act Now

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.7%.

XXE Endpoint Protection Manager
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
17.7%
CVE-2013-5015 MEDIUM POC THREAT This Month

SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.5%.

SQLi Endpoint Protection Manager Protection Center
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
64.5%
Threat
4.7
CVE-2013-5014 HIGH POC THREAT Act Now

The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.2%.

XXE Endpoint Protection Manager Protection Center
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
86.2%
Threat
5.6
CVE-2013-1612 HIGH POC This Week

Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition. Rated high severity (CVSS 7.9). Public exploit code available and no vendor patch available.

Buffer Overflow RCE Endpoint Protection Manager Endpoint Protection Center
NVD Exploit-DB
CVSS 2.0
7.9
EPSS
2.7%
EPSS 0% CVSS 7.0
HIGH This Week

Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Endpoint Protection Manager
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Endpoint Protection Manager
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Endpoint Protection Manager
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Endpoint Protection Manager
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Endpoint Protection Manager
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Endpoint Protection Manager
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Endpoint Protection Manager
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Endpoint Protection Manager
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Endpoint Protection Manager +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Endpoint Protection Manager
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Endpoint Protection Manager
NVD
EPSS 7% CVSS 6.8
MEDIUM POC This Month

Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Endpoint Protection Manager
NVD Exploit-DB
EPSS 0% CVSS 8.0
HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Endpoint Protection Manager
NVD Exploit-DB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Endpoint Protection Manager
NVD Exploit-DB
EPSS 1% CVSS 8.0
HIGH This Week

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Endpoint Protection Manager
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Endpoint Protection Manager
NVD
EPSS 0% CVSS 2.9
LOW Monitor

Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations. Rated low severity (CVSS 2.9). No vendor patch available.

Authentication Bypass Endpoint Protection Manager
NVD
EPSS 2% CVSS 8.8
HIGH This Week

The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Endpoint Protection Manager
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Endpoint Protection Manager
NVD
EPSS 1% CVSS 8.0
HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF RCE Endpoint Protection Manager
NVD
EPSS 2% CVSS 8.5
HIGH This Week

Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Java RCE Code Injection +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Endpoint Protection Manager
NVD
EPSS 1% CVSS 8.5
HIGH This Week

Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD
EPSS 1% CVSS 6.0
MEDIUM This Month

SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

SQLi Endpoint Protection Manager
NVD
EPSS 2% CVSS 5.5
MEDIUM This Month

Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Endpoint Protection Manager
NVD
EPSS 61% 5.0 CVSS 8.5
HIGH POC THREAT Act Now

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 60.8%.

Privilege Escalation Endpoint Protection Manager
NVD Exploit-DB
EPSS 0% CVSS 4.0
MEDIUM This Month

An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD
EPSS 51% 4.1 CVSS 5.5
MEDIUM POC THREAT This Month

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.2%.

Information Disclosure Endpoint Protection Manager
NVD Exploit-DB
EPSS 79% 5.4 CVSS 7.5
HIGH POC THREAT Act Now

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.5%.

Authentication Bypass Endpoint Protection Manager
NVD Exploit-DB
EPSS 10% CVSS 6.1
MEDIUM POC This Month

ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD Exploit-DB
EPSS 14% CVSS 4.3
MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.7%.

XSS Endpoint Protection Manager
NVD Exploit-DB
EPSS 18% CVSS 7.5
HIGH POC THREAT Act Now

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.7%.

XXE Endpoint Protection Manager
NVD Exploit-DB
EPSS 65% 4.7 CVSS 6.5
MEDIUM POC THREAT This Month

SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.5%.

SQLi Endpoint Protection Manager Protection Center
NVD Exploit-DB
EPSS 86% 5.6 CVSS 7.5
HIGH POC THREAT Act Now

The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.2%.

XXE Endpoint Protection Manager Protection Center
NVD Exploit-DB
EPSS 3% CVSS 7.9
HIGH POC This Week

Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition. Rated high severity (CVSS 7.9). Public exploit code available and no vendor patch available.

Buffer Overflow RCE Endpoint Protection Manager +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy