Search criteria
27 vulnerabilities found for encryption_management_server by symantec
FKIE_CVE-2018-5243
Vulnerability from fkie_nvd - Published: 2018-08-20 18:29 - Updated: 2024-11-21 04:08
Severity ?
Summary
The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
References
| URL | Tags | ||
|---|---|---|---|
| secure@symantec.com | http://www.securityfocus.com/bid/105062 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | http://www.securitytracker.com/id/1041527 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | https://support.symantec.com/en_US/article.SYMSA1458.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105062 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041527 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.symantec.com/en_US/article.SYMSA1458.html | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | encryption_management_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_management_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25EDB9F4-AC96-4380-AB50-B258F1A09F30",
"versionEndIncluding": "3.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network."
},
{
"lang": "es",
"value": "El producto Symantec Encryption Management Server (SEMS) en versiones anteriores a la versi\u00f3n 3.4.2 MP1, puede ser susceptible a una denegaci\u00f3n de servicio (DoS). Un ataque DoS es un tipo de ataque en el que el infractor intenta hacer que un dispositivo o recurso de red en concreto se vuelva inutilizable para sus usuarios originales mediante la interrupci\u00f3n temporal o indefinida de un host espec\u00edfico en una red."
}
],
"id": "CVE-2018-5243",
"lastModified": "2024-11-21T04:08:24.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-20T18:29:00.230",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105062"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041527"
},
{
"source": "secure@symantec.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1458.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041527"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1458.html"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-8151
Vulnerability from fkie_nvd - Published: 2016-02-18 22:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | encryption_management_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_management_server:*:mp11:*:*:*:*:*:*",
"matchCriteriaId": "799923FD-C097-464F-A37A-4434FEB560D4",
"versionEndIncluding": "3.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access."
},
{
"lang": "es",
"value": "Symantec Encryption Management Server (SEMS) 3.3.2 en versiones anteriores a MP12 permite a usuarios remotos autenticados ejecutar comandos del SO arbitrarios mediante el aprovechamiento del acceso de administrador a la consola."
}
],
"id": "CVE-2015-8151",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-18T22:59:03.777",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securityfocus.com/bid/83268"
},
{
"source": "secure@symantec.com",
"url": "http://www.securitytracker.com/id/1035063"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/83268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-8150
Vulnerability from fkie_nvd - Published: 2016-02-18 22:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | encryption_management_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_management_server:*:mp11:*:*:*:*:*:*",
"matchCriteriaId": "799923FD-C097-464F-A37A-4434FEB560D4",
"versionEndIncluding": "3.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file."
},
{
"lang": "es",
"value": "Symantec Encryption Management Server (SEMS) 3.3.2 en versiones anteriores a MP12 permite a usuarios locales obtener acceso root mediante la modificaci\u00f3n de un archivo batch."
}
],
"id": "CVE-2015-8150",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "MULTIPLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:M/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 2.2,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-18T22:59:02.840",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securityfocus.com/bid/83269"
},
{
"source": "secure@symantec.com",
"url": "http://www.securitytracker.com/id/1035063"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/83269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-8148
Vulnerability from fkie_nvd - Published: 2016-02-18 22:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | encryption_management_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_management_server:*:mp11:*:*:*:*:*:*",
"matchCriteriaId": "799923FD-C097-464F-A37A-4434FEB560D4",
"versionEndIncluding": "3.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request."
},
{
"lang": "es",
"value": "El servicio LDAP en Symantec Encryption Management Server (SEMS) 3.3.2 en versiones anteriores a MP12 permite a atacantes remotos obtener informaci\u00f3n sensible acerca de cuentas de administrador a trav\u00e9s de una petici\u00f3n modificada."
}
],
"id": "CVE-2015-8148",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-18T22:59:01.027",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securityfocus.com/bid/83271"
},
{
"source": "secure@symantec.com",
"url": "http://www.securitytracker.com/id/1035063"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/83271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-8149
Vulnerability from fkie_nvd - Published: 2016-02-18 22:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | encryption_management_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_management_server:*:mp11:*:*:*:*:*:*",
"matchCriteriaId": "799923FD-C097-464F-A37A-4434FEB560D4",
"versionEndIncluding": "3.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted requests."
},
{
"lang": "es",
"value": "El servicio LDAP en Symantec Encryption Management Server (SEMS) 3.3.2 en versiones anteriores a MP12 permite a atacantes remotos causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria din\u00e1mica e interrupci\u00f3n de servicio) a trav\u00e9s de peticiones manipuladas."
}
],
"id": "CVE-2015-8149",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-18T22:59:01.933",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securityfocus.com/bid/83270"
},
{
"source": "secure@symantec.com",
"url": "http://www.securitytracker.com/id/1035063"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/83270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-7288
Vulnerability from fkie_nvd - Published: 2015-02-01 02:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | encryption_management_server | * | |
| symantec | pgp_universal_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_management_server:*:mp6:*:*:*:*:*:*",
"matchCriteriaId": "63B4355A-8F8B-42F7-B1C1-308C18DC0998",
"versionEndIncluding": "3.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_universal_server:*:mp6:*:*:*:*:*:*",
"matchCriteriaId": "0D28E1F2-66F4-4D5B-B325-A978A3FE45F4",
"versionEndIncluding": "3.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action."
},
{
"lang": "es",
"value": "Symantec PGP Universal Server y Encryption Management Server anterior a 3.3.2 MP7 permiten a administradores remotos autenticados ejecutar comandos de shell arbitrarios a trav\u00e9s de una l\u00ednea de comandos manipulada en una acci\u00f3n de restauraci\u00f3n de la copia de seguridad de la base de datos."
}
],
"id": "CVE-2014-7288",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-01T02:59:02.583",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.exploit-db.com/exploits/35949"
},
{
"source": "secure@symantec.com",
"url": "http://www.osvdb.org/117766"
},
{
"source": "secure@symantec.com",
"url": "http://www.securityfocus.com/bid/72308"
},
{
"source": "secure@symantec.com",
"url": "http://www.securitytracker.com/id/1031673"
},
{
"source": "secure@symantec.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150129_00"
},
{
"source": "secure@symantec.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/35949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/117766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/72308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150129_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100763"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-7287
Vulnerability from fkie_nvd - Published: 2015-02-01 02:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | encryption_management_server | * | |
| symantec | pgp_universal_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_management_server:*:mp6:*:*:*:*:*:*",
"matchCriteriaId": "63B4355A-8F8B-42F7-B1C1-308C18DC0998",
"versionEndIncluding": "3.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_universal_server:*:mp6:*:*:*:*:*:*",
"matchCriteriaId": "0D28E1F2-66F4-4D5B-B325-A978A3FE45F4",
"versionEndIncluding": "3.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header."
},
{
"lang": "es",
"value": "El componente de la gesti\u00f3n de claves en Symantec PGP Universal Server y Encryption Management Server anterior a 3.3.2 MP7 permite a atacantes remotos provocar contenido no intencionado en mensajes de email salientes a trav\u00e9s de un valor de clave UID manipulado en un mensaje de email entrante, tal y como fue demostrado por la cabecera del asunto saliente."
}
],
"id": "CVE-2014-7287",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-01T02:59:01.520",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72307"
},
{
"source": "secure@symantec.com",
"url": "http://www.securitytracker.com/id/1031673"
},
{
"source": "secure@symantec.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150129_00"
},
{
"source": "secure@symantec.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100762"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150129_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100762"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-1643
Vulnerability from fkie_nvd - Published: 2014-02-07 04:52 - Updated: 2025-04-11 00:51
Severity ?
Summary
The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | encryption_management_server | * | |
| symantec | encryption_management_server | 3.3.0 | |
| symantec | encryption_management_server | 3.3.0 | |
| symantec | encryption_management_server | 3.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_management_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39FA2224-7F1E-46CC-8931-222F0C6D561F",
"versionEndIncluding": "3.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_management_server:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E805751-CA25-49A9-A77F-4BC81B6544C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_management_server:3.3.0:mp1:*:*:*:*:*:*",
"matchCriteriaId": "043D4F02-8D77-45BA-B181-EAC094CEF5DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_management_server:3.3.0:mp2:*:*:*:*:*:*",
"matchCriteriaId": "BC429204-6C41-424E-A22B-BDA4868CDDF1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL."
},
{
"lang": "es",
"value": "El componente Web Email Protection en Symantec Encryption Management Server (tambi\u00e9n conocido como PGP Universal Server) anterior a 3.3.2 permite a usuarios remotos autenticados leer los e-mail de salida de usuarios arbitrarios a trav\u00e9s de una URL modificada."
}
],
"id": "CVE-2014-1643",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-07T04:52:04.347",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securityfocus.com/bid/65300"
},
{
"source": "secure@symantec.com",
"url": "http://www.securitytracker.com/id/1029729"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140205_00"
},
{
"source": "secure@symantec.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/65300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1029729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140205_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90946"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-4674
Vulnerability from fkie_nvd - Published: 2013-07-31 13:20 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | encryption_management_server | * | |
| symantec | encryption_management_server | 3.3.0 | |
| symantec | pgp_universal_server | 3.2.0 | |
| symantec | pgp_universal_server | 3.2.1 | |
| symantec | pgp_universal_server | 3.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:encryption_management_server:*:mp1:*:*:*:*:*:*",
"matchCriteriaId": "2069D735-6AFB-42E2-9905-727BC4843334",
"versionEndIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:encryption_management_server:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E805751-CA25-49A9-A77F-4BC81B6544C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_universal_server:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA364D4-4B6E-4041-B47B-C19BE1D0182F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_universal_server:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7EE70F7D-6053-4BB3-A6AE-568812684DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pgp_universal_server:3.2.1:mp2:*:*:*:*:*:*",
"matchCriteriaId": "13F6B46F-E6C2-41A5-9820-D3B6C1490524",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment."
},
{
"lang": "es",
"value": "Vulnerabilidad XSS en el componente Email Protection en Symantec Encryption Management Server (anteriormente Symantec PGP Universal Server) anterior a 3.3.0 MP2, permite a usuarios autenticados remotamente la inyecci\u00f3n arbitraria de c\u00f3digo HTML o web a trav\u00e9s de un adjunto de correo cifrado."
}
],
"id": "CVE-2013-4674",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-07-31T13:20:28.907",
"references": [
{
"source": "secure@symantec.com",
"url": "http://osvdb.org/95581"
},
{
"source": "secure@symantec.com",
"url": "http://secunia.com/advisories/54214"
},
{
"source": "secure@symantec.com",
"url": "http://www.securityfocus.com/bid/61290"
},
{
"source": "secure@symantec.com",
"url": "http://www.securitytracker.com/id/1028820"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130722_00"
},
{
"source": "secure@symantec.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/95581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/54214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1028820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130722_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85902"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-5243 (GCVE-0-2018-5243)
Vulnerability from cvelistv5 – Published: 2018-08-20 18:00 – Updated: 2024-09-16 17:24
VLAI?
Summary
The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
Severity ?
No CVSS data available.
CWE
- Denial of service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Symantec Encryption Management Server (SEMS) |
Affected:
Prior to 3.4.2 MP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:43.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1458.html"
},
{
"name": "1041527",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041527"
},
{
"name": "105062",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Encryption Management Server (SEMS)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 3.4.2 MP1"
}
]
}
],
"datePublic": "2018-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-25T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1458.html"
},
{
"name": "1041527",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041527"
},
{
"name": "105062",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105062"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-08-13T00:00:00",
"ID": "CVE-2018-5243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Encryption Management Server (SEMS)",
"version": {
"version_data": [
{
"version_value": "Prior to 3.4.2 MP1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1458.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1458.html"
},
{
"name": "1041527",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041527"
},
{
"name": "105062",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105062"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-5243",
"datePublished": "2018-08-20T18:00:00Z",
"dateReserved": "2018-01-05T00:00:00",
"dateUpdated": "2024-09-16T17:24:18.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8149 (GCVE-0-2015-8149)
Vulnerability from cvelistv5 – Published: 2016-02-18 22:00 – Updated: 2024-08-06 08:13
VLAI?
Summary
The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted requests.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:31.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035063",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035063"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"name": "83270",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83270"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1035063",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035063"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"name": "83270",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83270"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2015-8149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035063",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035063"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"name": "83270",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83270"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2015-8149",
"datePublished": "2016-02-18T22:00:00",
"dateReserved": "2015-11-13T00:00:00",
"dateUpdated": "2024-08-06T08:13:31.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8150 (GCVE-0-2015-8150)
Vulnerability from cvelistv5 – Published: 2016-02-18 22:00 – Updated: 2024-08-06 08:13
VLAI?
Summary
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:31.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035063",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035063"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"name": "83269",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83269"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1035063",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035063"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"name": "83269",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83269"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2015-8150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035063",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035063"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"name": "83269",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83269"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2015-8150",
"datePublished": "2016-02-18T22:00:00",
"dateReserved": "2015-11-13T00:00:00",
"dateUpdated": "2024-08-06T08:13:31.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8148 (GCVE-0-2015-8148)
Vulnerability from cvelistv5 – Published: 2016-02-18 22:00 – Updated: 2024-08-06 08:13
VLAI?
Summary
The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:31.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035063",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035063"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"name": "83271",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83271"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1035063",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035063"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"name": "83271",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83271"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2015-8148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035063",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035063"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"name": "83271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83271"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2015-8148",
"datePublished": "2016-02-18T22:00:00",
"dateReserved": "2015-11-13T00:00:00",
"dateUpdated": "2024-08-06T08:13:31.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8151 (GCVE-0-2015-8151)
Vulnerability from cvelistv5 – Published: 2016-02-18 22:00 – Updated: 2024-08-06 08:13
VLAI?
Summary
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:31.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035063",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035063"
},
{
"name": "83268",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83268"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1035063",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035063"
},
{
"name": "83268",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83268"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2015-8151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035063",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035063"
},
{
"name": "83268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83268"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2015-8151",
"datePublished": "2016-02-18T22:00:00",
"dateReserved": "2015-11-13T00:00:00",
"dateUpdated": "2024-08-06T08:13:31.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7287 (GCVE-0-2014-7287)
Vulnerability from cvelistv5 – Published: 2015-02-01 02:00 – Updated: 2024-08-06 12:47
VLAI?
Summary
The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:47:32.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1031673",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031673"
},
{
"name": "72307",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72307"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150129_00"
},
{
"name": "symantec-cve20147287-header-injection(100762)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100762"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1031673",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031673"
},
{
"name": "72307",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72307"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150129_00"
},
{
"name": "symantec-cve20147287-header-injection(100762)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100762"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-7287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031673",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031673"
},
{
"name": "72307",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72307"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150129_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150129_00"
},
{
"name": "symantec-cve20147287-header-injection(100762)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100762"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-7287",
"datePublished": "2015-02-01T02:00:00",
"dateReserved": "2014-10-02T00:00:00",
"dateUpdated": "2024-08-06T12:47:32.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7288 (GCVE-0-2014-7288)
Vulnerability from cvelistv5 – Published: 2015-02-01 02:00 – Updated: 2024-08-06 12:47
VLAI?
Summary
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:47:32.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1031673",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150129_00"
},
{
"name": "35949",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/35949"
},
{
"name": "symantec-cve20147288-command-exec(100763)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100763"
},
{
"name": "117766",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/117766"
},
{
"name": "72308",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72308"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1031673",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150129_00"
},
{
"name": "35949",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/35949"
},
{
"name": "symantec-cve20147288-command-exec(100763)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100763"
},
{
"name": "117766",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/117766"
},
{
"name": "72308",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72308"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-7288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031673",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031673"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150129_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150129_00"
},
{
"name": "35949",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35949"
},
{
"name": "symantec-cve20147288-command-exec(100763)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100763"
},
{
"name": "117766",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/117766"
},
{
"name": "72308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72308"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-7288",
"datePublished": "2015-02-01T02:00:00",
"dateReserved": "2014-10-02T00:00:00",
"dateUpdated": "2024-08-06T12:47:32.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1643 (GCVE-0-2014-1643)
Vulnerability from cvelistv5 – Published: 2014-02-07 02:00 – Updated: 2024-08-06 09:50
VLAI?
Summary
The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:10.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1029729",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029729"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140205_00"
},
{
"name": "65300",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65300"
},
{
"name": "symantec-cve20141643-info-disc(90946)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90946"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-02T19:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1029729",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029729"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140205_00"
},
{
"name": "65300",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65300"
},
{
"name": "symantec-cve20141643-info-disc(90946)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90946"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-1643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029729",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029729"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140205_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140205_00"
},
{
"name": "65300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65300"
},
{
"name": "symantec-cve20141643-info-disc(90946)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90946"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-1643",
"datePublished": "2014-02-07T02:00:00",
"dateReserved": "2014-01-23T00:00:00",
"dateUpdated": "2024-08-06T09:50:10.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4674 (GCVE-0-2013-4674)
Vulnerability from cvelistv5 – Published: 2013-07-31 10:00 – Updated: 2024-08-06 16:52
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:26.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61290",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61290"
},
{
"name": "symantec-encryption-cve20134674-xss(85902)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85902"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130722_00"
},
{
"name": "54214",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54214"
},
{
"name": "95581",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95581"
},
{
"name": "1028820",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028820"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T15:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "61290",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61290"
},
{
"name": "symantec-encryption-cve20134674-xss(85902)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85902"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130722_00"
},
{
"name": "54214",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54214"
},
{
"name": "95581",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95581"
},
{
"name": "1028820",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1028820"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2013-4674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61290"
},
{
"name": "symantec-encryption-cve20134674-xss(85902)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85902"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130722_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130722_00"
},
{
"name": "54214",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54214"
},
{
"name": "95581",
"refsource": "OSVDB",
"url": "http://osvdb.org/95581"
},
{
"name": "1028820",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028820"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2013-4674",
"datePublished": "2013-07-31T10:00:00",
"dateReserved": "2013-06-24T00:00:00",
"dateUpdated": "2024-08-06T16:52:26.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5243 (GCVE-0-2018-5243)
Vulnerability from nvd – Published: 2018-08-20 18:00 – Updated: 2024-09-16 17:24
VLAI?
Summary
The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
Severity ?
No CVSS data available.
CWE
- Denial of service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Symantec Encryption Management Server (SEMS) |
Affected:
Prior to 3.4.2 MP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:43.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1458.html"
},
{
"name": "1041527",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041527"
},
{
"name": "105062",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Encryption Management Server (SEMS)",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 3.4.2 MP1"
}
]
}
],
"datePublic": "2018-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-25T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1458.html"
},
{
"name": "1041527",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041527"
},
{
"name": "105062",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105062"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-08-13T00:00:00",
"ID": "CVE-2018-5243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Encryption Management Server (SEMS)",
"version": {
"version_data": [
{
"version_value": "Prior to 3.4.2 MP1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/en_US/article.SYMSA1458.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1458.html"
},
{
"name": "1041527",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041527"
},
{
"name": "105062",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105062"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-5243",
"datePublished": "2018-08-20T18:00:00Z",
"dateReserved": "2018-01-05T00:00:00",
"dateUpdated": "2024-09-16T17:24:18.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8149 (GCVE-0-2015-8149)
Vulnerability from nvd – Published: 2016-02-18 22:00 – Updated: 2024-08-06 08:13
VLAI?
Summary
The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted requests.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:31.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035063",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035063"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"name": "83270",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83270"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1035063",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035063"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"name": "83270",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83270"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2015-8149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035063",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035063"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"name": "83270",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83270"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2015-8149",
"datePublished": "2016-02-18T22:00:00",
"dateReserved": "2015-11-13T00:00:00",
"dateUpdated": "2024-08-06T08:13:31.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8150 (GCVE-0-2015-8150)
Vulnerability from nvd – Published: 2016-02-18 22:00 – Updated: 2024-08-06 08:13
VLAI?
Summary
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:31.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035063",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035063"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"name": "83269",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83269"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1035063",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035063"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"name": "83269",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83269"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2015-8150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035063",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035063"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"name": "83269",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83269"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2015-8150",
"datePublished": "2016-02-18T22:00:00",
"dateReserved": "2015-11-13T00:00:00",
"dateUpdated": "2024-08-06T08:13:31.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8148 (GCVE-0-2015-8148)
Vulnerability from nvd – Published: 2016-02-18 22:00 – Updated: 2024-08-06 08:13
VLAI?
Summary
The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:31.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035063",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035063"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"name": "83271",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83271"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1035063",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035063"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"name": "83271",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83271"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2015-8148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035063",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035063"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
},
{
"name": "83271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83271"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2015-8148",
"datePublished": "2016-02-18T22:00:00",
"dateReserved": "2015-11-13T00:00:00",
"dateUpdated": "2024-08-06T08:13:31.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8151 (GCVE-0-2015-8151)
Vulnerability from nvd – Published: 2016-02-18 22:00 – Updated: 2024-08-06 08:13
VLAI?
Summary
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:31.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035063",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035063"
},
{
"name": "83268",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83268"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1035063",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035063"
},
{
"name": "83268",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83268"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2015-8151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035063",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035063"
},
{
"name": "83268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83268"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160218_00"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2015-8151",
"datePublished": "2016-02-18T22:00:00",
"dateReserved": "2015-11-13T00:00:00",
"dateUpdated": "2024-08-06T08:13:31.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7287 (GCVE-0-2014-7287)
Vulnerability from nvd – Published: 2015-02-01 02:00 – Updated: 2024-08-06 12:47
VLAI?
Summary
The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:47:32.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1031673",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031673"
},
{
"name": "72307",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72307"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150129_00"
},
{
"name": "symantec-cve20147287-header-injection(100762)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100762"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1031673",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031673"
},
{
"name": "72307",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72307"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150129_00"
},
{
"name": "symantec-cve20147287-header-injection(100762)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100762"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-7287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031673",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031673"
},
{
"name": "72307",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72307"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150129_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150129_00"
},
{
"name": "symantec-cve20147287-header-injection(100762)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100762"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-7287",
"datePublished": "2015-02-01T02:00:00",
"dateReserved": "2014-10-02T00:00:00",
"dateUpdated": "2024-08-06T12:47:32.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7288 (GCVE-0-2014-7288)
Vulnerability from nvd – Published: 2015-02-01 02:00 – Updated: 2024-08-06 12:47
VLAI?
Summary
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:47:32.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1031673",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150129_00"
},
{
"name": "35949",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/35949"
},
{
"name": "symantec-cve20147288-command-exec(100763)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100763"
},
{
"name": "117766",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/117766"
},
{
"name": "72308",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72308"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1031673",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150129_00"
},
{
"name": "35949",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/35949"
},
{
"name": "symantec-cve20147288-command-exec(100763)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100763"
},
{
"name": "117766",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/117766"
},
{
"name": "72308",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72308"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-7288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031673",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031673"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150129_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150129_00"
},
{
"name": "35949",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35949"
},
{
"name": "symantec-cve20147288-command-exec(100763)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100763"
},
{
"name": "117766",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/117766"
},
{
"name": "72308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72308"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-7288",
"datePublished": "2015-02-01T02:00:00",
"dateReserved": "2014-10-02T00:00:00",
"dateUpdated": "2024-08-06T12:47:32.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1643 (GCVE-0-2014-1643)
Vulnerability from nvd – Published: 2014-02-07 02:00 – Updated: 2024-08-06 09:50
VLAI?
Summary
The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:10.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1029729",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029729"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140205_00"
},
{
"name": "65300",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65300"
},
{
"name": "symantec-cve20141643-info-disc(90946)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90946"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-02T19:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1029729",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029729"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140205_00"
},
{
"name": "65300",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65300"
},
{
"name": "symantec-cve20141643-info-disc(90946)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90946"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-1643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029729",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029729"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140205_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20140205_00"
},
{
"name": "65300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65300"
},
{
"name": "symantec-cve20141643-info-disc(90946)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90946"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2014-1643",
"datePublished": "2014-02-07T02:00:00",
"dateReserved": "2014-01-23T00:00:00",
"dateUpdated": "2024-08-06T09:50:10.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4674 (GCVE-0-2013-4674)
Vulnerability from nvd – Published: 2013-07-31 10:00 – Updated: 2024-08-06 16:52
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:26.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61290",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61290"
},
{
"name": "symantec-encryption-cve20134674-xss(85902)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85902"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130722_00"
},
{
"name": "54214",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54214"
},
{
"name": "95581",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95581"
},
{
"name": "1028820",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028820"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T15:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "61290",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61290"
},
{
"name": "symantec-encryption-cve20134674-xss(85902)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85902"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130722_00"
},
{
"name": "54214",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54214"
},
{
"name": "95581",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95581"
},
{
"name": "1028820",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1028820"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2013-4674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61290"
},
{
"name": "symantec-encryption-cve20134674-xss(85902)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85902"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130722_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20130722_00"
},
{
"name": "54214",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54214"
},
{
"name": "95581",
"refsource": "OSVDB",
"url": "http://osvdb.org/95581"
},
{
"name": "1028820",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028820"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2013-4674",
"datePublished": "2013-07-31T10:00:00",
"dateReserved": "2013-06-24T00:00:00",
"dateUpdated": "2024-08-06T16:52:26.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}