Executive Summary

Informations
Name CVE-2015-1487 First vendor Publication 2015-07-31
Vendor Cve Last vendor Modification 2017-09-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:N/I:P/A:P)
Cvss Base Score 5.5 Attack Range Network
Cvss Impact Score 4.9 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1487

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-08-06 IAVM : 2015-A-0182 - Multiple Vulnerabilities in Symantec Endpoint Protection Manager (SEPM)
Severity : Category I - VMSKEY : V0061275

Snort® IPS/IDS

Date Description
2015-09-18 Symantec Endpoint Protection directory traversal attempt
RuleID : 35613 - Revision : 2 - Type : SERVER-WEBAPP
2015-09-18 Symantec Endpoint Protection directory traversal attempt
RuleID : 35612 - Revision : 2 - Type : SERVER-WEBAPP
2015-09-18 Symantec Endpoint Protection directory traversal attempt
RuleID : 35611 - Revision : 2 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2015-08-13 Name : An application running on the remote host is affected by multiple vulnerabili...
File : symantec_endpoint_prot_mgr_sym15-007_remote.nasl - Type : ACT_DESTRUCTIVE_ATTACK
2015-08-06 Name : The version of Symantec Endpoint Protection Manager installed on the remote h...
File : symantec_endpoint_prot_mgr_sym15-007.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/76094
CONFIRM http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=secu...
EXPLOIT-DB https://www.exploit-db.com/exploits/37812/
SECTRACK http://www.securitytracker.com/id/1033165

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
Date Informations
2021-05-04 12:38:35
  • Multiple Updates
2021-04-22 01:47:18
  • Multiple Updates
2020-05-23 13:17:06
  • Multiple Updates
2020-05-23 00:44:27
  • Multiple Updates
2017-09-21 09:25:19
  • Multiple Updates
2017-09-17 09:23:31
  • Multiple Updates
2016-07-21 12:06:14
  • Multiple Updates
2015-10-18 17:23:29
  • Multiple Updates
2015-09-18 21:22:06
  • Multiple Updates
2015-08-18 13:35:00
  • Multiple Updates
2015-08-15 00:26:02
  • Multiple Updates
2015-08-12 13:33:09
  • Multiple Updates
2015-08-04 17:26:03
  • Multiple Updates
2015-08-01 09:27:37
  • First insertion