CVE-2015-1490

CWE-22 — Path Traversal3 documents3 sources

Severity

5.5MEDIUM

EPSS

2.3%

top 15.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Endpoint Protection Manager

Timeline

PublishedAug 1

Latest updateMay 17

Description

Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 8.0 | Impact: 4.9

Affected Packages1 packages

▶NVDsymantec/endpoint_protection_manager12.1.0

🔴Vulnerability Details

GHSA

GHSA-5qwf-vq64-v3vr: Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12↗2022-05-17

▶

CVEList

CVE-2015-1490: Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12↗2015-08-01

▶