Symantec Endpoint Protection Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Symantec Endpoint Protection Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (41)
CVE-2016-3650 — CVSS 8.8 (high): Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force…
CVE-2016-3648 — CVSS 8.8 (high): Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock…
CVE-2015-8154 — CVSS 8.8 (high): The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1…
CVE-2015-8153 — CVSS 8.8 (high): SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute…
CVE-2015-1489 — CVSS 8.5 (high): The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain…
CVE-2015-1492 — CVSS 8.5 (high): Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain…
CVE-2015-6555 — CVSS 8.5 (high): Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting…
CVE-2016-3651 — CVSS 8.0 (high): Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via…
CVE-2013-1612 — CVSS 7.9 (high): Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec…
CVE-2019-12759 — CVSS 7.8 (high): Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x…
CVE-2018-18368 — CVSS 7.8 (high): Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type…
CVE-2018-18367 — CVSS 7.8 (high): Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL…
CVE-2015-1486 — CVSS 7.5 (high): The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass…
CVE-2015-6554 — CVSS 7.5 (high): Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted…
CVE-2013-5014 — CVSS 7.5 (high): The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and…
CVE-2014-3437 — CVSS 7.5 (high): The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or…
CVE-2020-5835 — CVSS 7.0 (high): Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of…
CVE-2016-5304 — CVSS 6.8 (medium): Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote…
CVE-2013-5015 — CVSS 6.5 (medium): SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1…
CVE-2014-3439 — CVSS 6.1 (medium): ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via…
CVE-2015-1491 — CVSS 6.0 (medium): SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote…
CVE-2015-1487 — CVSS 5.5 (medium): The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write…
CVE-2015-1490 — CVSS 5.5 (medium): Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows…
CVE-2016-5305 — CVSS 5.4 (medium): Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6…
CVE-2016-3652 — CVSS 5.4 (medium): Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6…
CVE-2016-5306 — CVSS 5.3 (medium): Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it…
CVE-2020-5834 — CVSS 5.3 (medium): Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to…
CVE-2015-1488 — CVSS 4.0 (medium): An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows…
CVE-2020-5828 — CVSS 3.3 (low): Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type…
CVE-2020-5829 — CVSS 3.3 (low): Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type…
CVE-2020-5830 — CVSS 3.3 (low): Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type…
CVE-2020-5831 — CVSS 3.3 (low): Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type…
CVE-2020-5833 — CVSS 3.3 (low): Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to an out of bounds vulnerability, which is a type of issue that…
CVE-2020-5827 — CVSS 3.3 (low): Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type…
CVE-2015-8801 — CVSS 2.9 (low): Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions…