CVE-2016-5304 - Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (S

CVE-2016-5304

Summary

Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. <a href="http://cwe.mitre.org/data/definitions/601.html">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>

References

Vulnerable Configurations

cpe:2.3:a:symantec:endpoint_protection_manager:12.1.6:mp4:*:*:*:*:*:*
cpe:2.3:a:symantec:endpoint_protection_manager:12.1.6:mp4:*:*:*:*:*:*

CVSS

Base:	4.9 (as of 03-09-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:S/C:P/I:P/A:N

refmap via4

bid	91447
confirm	https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01
exploit-db	40041
sectrack	1036196

Last major update

03-09-2017 - 01:29

Published

30-06-2016 - 23:59

Last modified

03-09-2017 - 01:29