CVE-2016-3653

Published on: 06/30/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:03 PM UTC

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Certain versions of Endpoint Protection Manager from Symantec contain the following vulnerability:

Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users.

  • CVE-2016-3653 has been assigned by [email protected] to track this vulnerability; it is currently rated as HIGH severity.

CVSS3 Score: 8 - HIGH

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS2 Score: 6 - MEDIUM

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

CVE References

Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities (www.exploit-db.com)
Tags: Proof of Concept, text/html
Link: EXPLOIT-DB 40041

Symantec Endpoint Protection Multiple Bugs Let Remote Users Conduct Cross-Site Scripting, Cross-Site Request Forgery, Server-Side Request Forgery, Security Bypass, File Disclosure, and Open Redirect Attacks - SecurityTracker (www.securitytracker.com)
Tags: text/html
Link: SECTRACK 1036196

Symantec Endpoint Protection Manager and Client Multiple Cross Site Request Forgery Vulnerabilities (cve.report archive)
Tags: text/html
Link: BID 91442

Security Advisories Relating to Symantec Products - Symantec Endpoint Protection Multiple Security Issues - 2016-06-28T03:00:00 PDT | Symantec Vendor Advisory (www.symantec.com)
Tags: text/html
Link: CONFIRM www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01

Known Affected Configurations (CPE V2.3)

Type: Application
Vendor: Symantec
Product: Endpoint Protection Manager
Version: All
Update: mp4
Edition: All
Language: All
  • cpe:2.3:a:symantec:endpoint_protection_manager:*:mp4:*:*:*:*:*:*