Cross-Site Request Forgery Vulnerability in Symantec Data Loss Prevention
CVE-2015-1485

Currently unrated

Key Information:

Vendor: Symantec
Status: Data Loss Prevention
Vendor: CVE Published:; 28 June 2015

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the administration console of the Enforce Server within Symantec Data Loss Prevention (DLP) prior to version 12.5.2. This flaw enables remote attackers to exploit the insecurity, potentially allowing them to hijack user sessions of administrators, thereby compromising the administration capabilities of the product. Proper security measures and updates should be implemented to mitigate this type of threat.

References

http://www.securitytracker.com/id/1032710

vdb-entryx_refsource_SECTRACK

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/75289

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jun 28, 2015
Vulnerability Reserved
Feb 5, 2015