CVE-2016-3647

Name of the Vulnerable Software and Affected Versions Symantec Endpoint Protection Manager versions 12.1 before RU6 MP5

Description The issue allows remote authenticated users to conduct server-side request forgery (SSRF) attacks. This enables triggering network traffic to arbitrary intranet hosts via a crafted request. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations For Symantec Endpoint Protection Manager versions 12.1 before RU6 MP5, update to RU6 MP5 or later to resolve the issue.