CVE-2016-5304

6.8MEDIUM

Key Information

Vendor: Symantec
Status: Endpoint Protection Manager
Vendor: CVE Published:; 30 June 2016

Summary

Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Refferences

https://www.symantec.com/security_response/securityupdate...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1036196

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/91447

vdb-entryx_refsource_BID

https://www.exploit-db.com/exploits/40041/

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 30, 2016
Vulnerability Reserved
Jun 6, 2016

Collectors

NVD DatabaseMitre Database

.