CSRF Vulnerability in Symantec Endpoint Protection Manager
CVE-2015-8152

8 HIGH

Key Information:

Vendor: Symantec
CVE Published: 18 March 2016

What is CVE-2015-8152?

A cross-site request forgery (CSRF) vulnerability exists in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4. The flaw allows remote authenticated users to hijack the authentication of administrators and so perform unauthorized actions. Through specially crafted requests, attackers can execute arbitrary code, potentially compromising the management interface and data integrity.

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved