CVE-2016-3653

8HIGH

Key Information

Vendor: Symantec
Status: Endpoint Protection Manager
Vendor: CVE Published:; 30 June 2016

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users.

Refferences

https://www.symantec.com/security_response/securityupdate...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1036196

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/91442

vdb-entryx_refsource_BID

https://www.exploit-db.com/exploits/40041/

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 30, 2016
Vulnerability Reserved
Mar 23, 2016

Collectors

NVD DatabaseMitre Database