CVE-2016-3647 - Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to

CVE-2016-3647

Summary

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request. <a href="https://cwe.mitre.org/data/definitions/918.html">CWE-918: Server-Side Request Forgery (SSRF)</a>

References

Vulnerable Configurations

cpe:2.3:a:symantec:endpoint_protection_manager:12.1.6:mp4:*:*:*:*:*:*
cpe:2.3:a:symantec:endpoint_protection_manager:12.1.6:mp4:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 01-09-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:P/A:N

refmap via4

bid	91433
confirm	https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01
sectrack	1036196

Last major update

01-09-2017 - 01:29

Published

30-06-2016 - 23:59

Last modified

01-09-2017 - 01:29