Cross Site Scripting Vulnerability in Symantec Endpoint Detection and Response Software
CVE-2019-19547

6.1MEDIUM

Key Information:

Vendor

Symantec
Status
Endpoint Detection And Response (sedr)
Vendor
CVE Published:
13 January 2020

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC

What is CVE-2019-19547?

Symantec Endpoint Detection and Response software, prior to version 4.3.0, is vulnerable to a cross site scripting (XSS) issue. This vulnerability allows attackers to inject malicious client-side scripts into web pages that are subsequently viewed by other users. An attacker could leverage this XSS vulnerability to circumvent access controls such as the same-origin policy, leading to unauthorized actions and potential data theft. Organizations using earlier versions of SEDR should promptly update to ensure their web applications remain secure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Endpoint Detection and Response (SEDR) Prior to 4.3.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-19547
Created by nasbench

References

https://support.symantec.com/us/en/article.SYMSA1502.html
x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.