Flaws have been detected in Symantec Endpoint Protection Manager
By Gina on August 12, 2011
Several vulnerabilities have been found in Symantec Endpoint Protection Manager. According to Secunia, these flaws can easily be exploited to conduct cross-site scripting and cross-site request forgery attacks.
The first flaw is that characters appended to the URL are not properly sanitised before being returned to the user. This can result in the execution of arbitrary HTML and script code in a user's browser.
The second vulnerability concerns input passed via the "token" parameter to portal/Help.jsp. If exploited by cybercriminals, it can likewise execute HTML and script code in a user's browser.
The third hole can be exploited by tricking a user into logging in to a malicious website, because the portal application allows users to perform actions via HTTP requests without performing any verification of the request.
These vulnerabilities were found in version 11.0.6 Maintenance Patch 2. They may affect the next version as well. The solution offered is an update to version 11.0.7000 RU7.
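The two server-side checks whose absence is described above (encoding a reflected request value such as "token", and verifying that a state-changing request carries a per-session secret) can be sketched as follows. This is an added example, not Symantec's code or fix; the class and method names are hypothetical and the sample input is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical helper (an assumption for illustration, not the product's code).
public class PortalRequestGuard {
    private static final SecureRandom RNG = new SecureRandom();

    // Encode the five HTML-significant characters before echoing a
    // request value (such as "token") into an HTML page or attribute.
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Per-session anti-forgery value, stored server-side at login and
    // embedded in every form the portal renders.
    static String newCsrfToken() {
        byte[] b = new byte[32];
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    // A state-changing request is honoured only if it carries the
    // session's token; the comparison is constant-time.
    static boolean verifyCsrf(String sessionToken, String submitted) {
        if (sessionToken == null || submitted == null) return false;
        return MessageDigest.isEqual(
            sessionToken.getBytes(StandardCharsets.UTF_8),
            submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String token = "\"><script>alert(1)</script>"; // constructed input
        System.out.println("<input name=\"token\" value=\"" + escapeHtml(token) + "\">");
        String session = newCsrfToken();
        System.out.println("request with session token: " + verifyCsrf(session, session));
        System.out.println("request without token:      " + verifyCsrf(session, null));
    }
}
```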








