|
|||
Rule General Information |
---|
Release Date: | 2016-09-08 | |
Rule Name: | WEB-OTHER Symantec Endpoint Protection Consoleservlet Resetpassword Policy Bypass Vulnerability -4 (CVE-2015-1486) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session. | |
Impact: | An attacker can take advantage of the vulnerability to bypass the security policy implemented by the software administrator, and perform unauthorized actions to the target system. | |
Affected OS: | Windows | |
Reference: | SecurityFocusBID:76074 |
|
Solutions |
---|
More advisories have been published on the website, please visit for more suggestions: https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory& |