PT-2016-3862 · Symantec · Symantec Endpoint Protection Manager+1

Published: 2016-03-18 · Updated: 2016-12-03 · CVE-2015-8152

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Symantec Endpoint Protection Manager version 12.1 before RU6-MP4

Description

A cross-site request forgery issue allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by modifying a logging script.

Recommendations

For Symantec Endpoint Protection Manager version 12.1 before RU6-MP4, update to RU6-MP4 or later to resolve the issue. As a temporary workaround, consider restricting access to the logging script to minimize the risk of exploitation.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2015-8152

Affected Products

Symantec Endpoint Protection Manager
Symantec Endpoint Protection Server