Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-3653

CWE-352Cross-Site Request Forgery (CSRF)4 documents4 sources
Severity
8.0HIGH
EPSS
0.2%
top 63.28%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Symantec Endpoint Protection Manager
Timeline
PublishedJun 30
Latest updateMay 17

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-qhxf-hx7c-356p: Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 122022-05-17
CVEList
CVE-2016-3653: Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 122016-06-30

💥Exploits & PoCs

1
Exploit-DB
Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities2016-06-29
CVE-2016-3653 (HIGH CVSS 8) | Multiple cross-site request forgery | cvebase.io