|
|
|||
| Rule General Information |
|---|
| Release Date: | 2016-09-08 | |
| Rule Name: | WEB-OTHER Symantec Endpoint Protection Consoleservlet Resetpassword Policy Bypass Vulnerability -4 (CVE-2015-1486) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session. | |
| Impact: | An attacker can take advantage of the vulnerability to bypass the security policy implemented by the software administrator, and perform unauthorized actions to the target system. | |
| Affected OS: | Windows | |
| Reference: | SecurityFocusBID:76074 |
|
| Solutions |
|---|
| More advisories have been published on the website, please visit for more suggestions: https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory& |