CVE-2011-0551Cross-Site Request Forgery in Endpoint Protection

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.3%
top 50.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Symantec Endpoint Protection
Timeline
PublishedAug 15
Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-7c3j-fprf-2xqw: Cross-site request forgery (CSRF) vulnerability in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 112022-05-17
CVEList
CVE-2011-0551: Cross-site request forgery (CSRF) vulnerability in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 112011-08-15
CVE-2011-0551 — Cross-Site Request Forgery in Symantec | cvebase