|
|
|||
| Rule General Information |
|---|
| Release Date: | 2016-08-26 | |
| Rule Name: | Symantec Endpoint Protection Manager Cross Site Request Forgery Vulnerability -1 (CVE-2016-3653) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users. | |
| Impact: | An attacker can launch a cross-site request forgery in the context of the affected software. Arbitrary script transmitted from a user that the software trusts can be executed in a successful exploit attempt. | |
| Affected OS: | Windows | |
| Reference: | SecurityFocusBID:91442 |
|
| Solutions |
|---|
| More advisories have been published on the website, please visit for more suggestions: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory& |