Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - Symantec Endpoint Protection: multiple vulnerabilities

August 2016 by Vigil@nce

This bulletin was written by Vigil@nce : https://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can use several vulnerabilities of Symantec Endpoint
Protection.

Impacted products: Symantec Endpoint Protection.

Severity: 2/4.

Creation date: 29/06/2016.

DESCRIPTION OF THE VULNERABILITY

Several vulnerabilities were announced in Symantec Endpoint
Protection.

An attacker can trigger a Cross Site Request Forgery, in order to
force the victim to perform operations. [severity:2/4;
CVE-2016-3647]

An attacker can try many authentication attempts since accounts
are never locked. [severity:1/4; CVE-2016-3648]

An attacker can get information on existing administrator
accounts. [severity:1/4; CVE-2016-3649]

An attacker can get server credentials. [severity:1/4;
CVE-2016-3650]

An attacker can trigger a Cross Site Scripting via a DOM
interface, in order to run JavaScript code in the context of the
web site. [severity:2/4; CVE-2016-3651]

An attacker can trigger a Cross Site Scripting via a management
console, in order to run JavaScript code in the context of the web
site. [severity:2/4; CVE-2016-3652]

An attacker can trigger a Cross Site Request Forgery via a
management console, in order to force the victim to perform
operations. [severity:2/4; CVE-2016-3653]

An attacker can deceive the user, in order to redirect him to a
malicious site. [severity:1/4; CVE-2016-5304]

An attacker can change a DOM interface to manipulate a link on php
script. [severity:1/4; CVE-2016-5305]

An attacker can bypass "Strict transport security" rules using the
port 8445. [severity:1/4; CVE-2016-5306]

An attacker can traverse directories in the management console, in
order to read a file outside the root path. [severity:2/4;
CVE-2016-5307]

An attacker can exploit race conditions, in order to escalate his
privileges. [severity:1/4; CVE-2015-8801]

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/Symantec-Endpoint-Protection-multiple-vulnerabilities-19996


See previous articles

    

See next articles












Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts