CVE-2015-1488 — Sensitive Information Exposure in Endpoint Protection Manager

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.0MEDIUMNVD

EPSS

0.5%

top 34.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Endpoint Protection Manager

Timeline

PublishedAug 1

Latest updateMay 17

Description

An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDsymantec/endpoint_protection_manager12.1.0

🔴Vulnerability Details

GHSA

GHSA-32gq-pfjx-x48v: An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12↗2022-05-17

▶

CVEList

CVE-2015-1488: An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12↗2015-08-01

▶