Test ID: | 1.3.6.1.4.1.25623.1.0.805203 |
Category: | Web application abuses |
Title: | Symantec Endpoint Protection Manager Multiple Vulnerabilities (Dec 2014) |
Summary: | Symantec Endpoint Protection Manager is prone to multiple vulnerabilities. |
Description: |
Summary: Symantec Endpoint Protection Manager is prone to multiple vulnerabilities.

Vulnerability Insight: Multiple flaws are due to:
- The /console/Highlander_docs/SSO-Error.jsp script does not validate input to the 'ErrorMsg' parameter before returning it to users.
- ConsoleServlet does not properly sanitize user input supplied via the 'ActionType' parameter.
- Incorrectly configured XML parser accepting XML external entities from an untrusted source.
- The /portal/Loading.jsp script does not validate input to the 'uri' parameter before returning it to users.

Vulnerability Impact: Successful exploitation will allow attackers to gain access to arbitrary files, write to or overwrite arbitrary files and execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Affected Software/OS: Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5.

Solution: Upgrade to Symantec Endpoint Protection Manager 12.1 RU5 or later.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-3439
- BugTraq ID: 70845
- http://www.securityfocus.com/bid/70845
- Bugtraq: 20141106 SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection
- http://www.securityfocus.com/archive/1/533918/100/0/threaded
- http://seclists.org/fulldisclosure/2014/Nov/7
- http://www.securitytracker.com/id/1031176
- XForce ISS Database: symantec-endpoint-cve20143439-file-overwrite(98527)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98527

Common Vulnerability Exposure (CVE) ID: CVE-2014-3438
- BugTraq ID: 70844
- http://www.securityfocus.com/bid/70844
- XForce ISS Database: symantec-endpoint-cve20143438-xss(98526)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98526

Common Vulnerability Exposure (CVE) ID: CVE-2014-3437
- BugTraq ID: 70843
- http://www.securityfocus.com/bid/70843
- XForce ISS Database: symantec-endpoint-cve20143437-info-disc(98525)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98525 |
Copyright | Copyright (C) 2014 Greenbone AG |