PHP Session Identifier Exposure in Symantec Endpoint Protection Manager
CVE-2016-3651

8HIGH

Key Information:

Vendor

Symantec
Status
Endpoint Protection Manager
Vendor
CVE Published:
30 June 2016

What is CVE-2016-3651?

A vulnerability exists in Symantec Endpoint Protection Manager (SEPM) 12.1 prior to RU6 MP5, which allows remote authenticated users to potentially expose sensitive session information. Specifically, the vulnerability enables these users to retrieve the PHP JSESSIONID value through various unspecified methods. This exposure could lead to unauthorized access and manipulation of user sessions, posing significant risks to the confidentiality and integrity of the affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.symantec.com/security_response/securityupdate...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1036196
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/91445
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.