CVE-2015-8152

CWE-352Cross-Site Request Forgery (CSRF)4 documents4 sources
Severity
8.0HIGH
EPSS
0.8%
top 26.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Symantec Endpoint Protection Manager
Timeline
PublishedMar 18
Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-2xc2-v898-cwrf: Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 122022-05-17
CVEList
CVE-2015-8152: Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 122016-03-18

📋Vendor Advisories

1
Red Hat
Java: Streaming XML Signature verification failure2015-01-19
CVE-2015-8152 (HIGH CVSS 8) | Cross-site request forgery (CSRF) v | cvebase.io