Search
Find a vulnerability
Search criteria
8 vulnerabilities found for endpoint_detection_and_response by symantec
CVE-2022-37015 (GCVE-0-2022-37015)
Vulnerability from nvd – Published: 2022-11-08 00:00 – Updated: 2025-05-01 18:23
VLAI
Summary
Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Elevation of Privilege
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Symantec Endpoint Detection and Response |
Affected:
4.6.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/21005"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-37015",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T18:22:49.834663Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T18:23:14.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Symantec Endpoint Detection and Response",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.6.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/21005"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2022-37015",
"datePublished": "2022-11-08T00:00:00.000Z",
"dateReserved": "2022-07-28T00:00:00.000Z",
"dateUpdated": "2025-05-01T18:23:14.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12593 (GCVE-0-2020-12593)
Vulnerability from nvd – Published: 2020-11-18 22:40 – Updated: 2024-08-04 11:56
VLAI
Summary
Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.broadcom.com/security-advisory/co… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Symantec Endpoint Detection & Response (SEDR) |
Affected:
Prior to 4.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Endpoint-Detection-Response-Security-Update/SYMSA16562"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Endpoint Detection \u0026 Response (SEDR)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 4.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Endpoint Detection \u0026 Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-18T22:40:41.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Endpoint-Detection-Response-Security-Update/SYMSA16562"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2020-12593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Endpoint Detection \u0026 Response (SEDR)",
"version": {
"version_data": [
{
"version_value": "Prior to 4.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Endpoint Detection \u0026 Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Endpoint-Detection-Response-Security-Update/SYMSA16562",
"refsource": "CONFIRM",
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Endpoint-Detection-Response-Security-Update/SYMSA16562"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2020-12593",
"datePublished": "2020-11-18T22:40:41.000Z",
"dateReserved": "2020-04-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:56:52.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5839 (GCVE-0-2020-5839)
Vulnerability from nvd – Published: 2020-07-08 15:08 – Updated: 2024-08-04 08:39
VLAI
Summary
Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.broadcom.com/security-advisory/co… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Symantec Endpoint Detection And Response |
Affected:
Prior to 4.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/SEDR-Information-Disclosure/SYMSA16090"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Endpoint Detection And Response",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 4.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-08T15:08:54.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/SEDR-Information-Disclosure/SYMSA16090"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2020-5839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Endpoint Detection And Response",
"version": {
"version_data": [
{
"version_value": "Prior to 4.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/security-advisory/content/security-advisories/SEDR-Information-Disclosure/SYMSA16090",
"refsource": "MISC",
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/SEDR-Information-Disclosure/SYMSA16090"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2020-5839",
"datePublished": "2020-07-08T15:08:54.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19547 (GCVE-0-2019-19547)
Vulnerability from nvd – Published: 2020-01-13 15:10 – Updated: 2024-08-05 02:16
VLAI
Summary
Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://support.symantec.com/us/en/article.SYMSA1… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Symantec | Endpoint Detection and Response (SEDR) |
Affected:
Prior to 4.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:48.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1502.html"
},
{
"name": "FEDORA-2020-4a3ff78ba5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQTOWEDFXDTGTD6D4NHRB4FUURQSTTEN/"
},
{
"name": "FEDORA-2020-acd8cdb08d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRQXCOVFWZIIMAZIAAFAVQGZOS7LGHXP/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Endpoint Detection and Response (SEDR)",
"vendor": "Symantec",
"versions": [
{
"status": "affected",
"version": "Prior to 4.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-14T03:06:04.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1502.html"
},
{
"name": "FEDORA-2020-4a3ff78ba5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQTOWEDFXDTGTD6D4NHRB4FUURQSTTEN/"
},
{
"name": "FEDORA-2020-acd8cdb08d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRQXCOVFWZIIMAZIAAFAVQGZOS7LGHXP/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-19547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Endpoint Detection and Response (SEDR)",
"version": {
"version_data": [
{
"version_value": "Prior to 4.3.0"
}
]
}
}
]
},
"vendor_name": "Symantec"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1502.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1502.html"
},
{
"name": "FEDORA-2020-4a3ff78ba5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQTOWEDFXDTGTD6D4NHRB4FUURQSTTEN/"
},
{
"name": "FEDORA-2020-acd8cdb08d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRQXCOVFWZIIMAZIAAFAVQGZOS7LGHXP/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-19547",
"datePublished": "2020-01-13T15:10:46.000Z",
"dateReserved": "2019-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:16:48.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37015 (GCVE-0-2022-37015)
Vulnerability from cvelistv5 – Published: 2022-11-08 00:00 – Updated: 2025-05-01 18:23
VLAI
Summary
Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Elevation of Privilege
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Symantec Endpoint Detection and Response |
Affected:
4.6.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/21005"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-37015",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T18:22:49.834663Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T18:23:14.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Symantec Endpoint Detection and Response",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.6.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/21005"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2022-37015",
"datePublished": "2022-11-08T00:00:00.000Z",
"dateReserved": "2022-07-28T00:00:00.000Z",
"dateUpdated": "2025-05-01T18:23:14.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12593 (GCVE-0-2020-12593)
Vulnerability from cvelistv5 – Published: 2020-11-18 22:40 – Updated: 2024-08-04 11:56
VLAI
Summary
Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.broadcom.com/security-advisory/co… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Symantec Endpoint Detection & Response (SEDR) |
Affected:
Prior to 4.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Endpoint-Detection-Response-Security-Update/SYMSA16562"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Endpoint Detection \u0026 Response (SEDR)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 4.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Endpoint Detection \u0026 Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-18T22:40:41.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Endpoint-Detection-Response-Security-Update/SYMSA16562"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2020-12593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Endpoint Detection \u0026 Response (SEDR)",
"version": {
"version_data": [
{
"version_value": "Prior to 4.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Endpoint Detection \u0026 Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Endpoint-Detection-Response-Security-Update/SYMSA16562",
"refsource": "CONFIRM",
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Endpoint-Detection-Response-Security-Update/SYMSA16562"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2020-12593",
"datePublished": "2020-11-18T22:40:41.000Z",
"dateReserved": "2020-04-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:56:52.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5839 (GCVE-0-2020-5839)
Vulnerability from cvelistv5 – Published: 2020-07-08 15:08 – Updated: 2024-08-04 08:39
VLAI
Summary
Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.broadcom.com/security-advisory/co… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Symantec Endpoint Detection And Response |
Affected:
Prior to 4.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/SEDR-Information-Disclosure/SYMSA16090"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Symantec Endpoint Detection And Response",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 4.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-08T15:08:54.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/SEDR-Information-Disclosure/SYMSA16090"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2020-5839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Endpoint Detection And Response",
"version": {
"version_data": [
{
"version_value": "Prior to 4.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.broadcom.com/security-advisory/content/security-advisories/SEDR-Information-Disclosure/SYMSA16090",
"refsource": "MISC",
"url": "https://support.broadcom.com/security-advisory/content/security-advisories/SEDR-Information-Disclosure/SYMSA16090"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2020-5839",
"datePublished": "2020-07-08T15:08:54.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19547 (GCVE-0-2019-19547)
Vulnerability from cvelistv5 – Published: 2020-01-13 15:10 – Updated: 2024-08-05 02:16
VLAI
Summary
Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://support.symantec.com/us/en/article.SYMSA1… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Symantec | Endpoint Detection and Response (SEDR) |
Affected:
Prior to 4.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:48.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1502.html"
},
{
"name": "FEDORA-2020-4a3ff78ba5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQTOWEDFXDTGTD6D4NHRB4FUURQSTTEN/"
},
{
"name": "FEDORA-2020-acd8cdb08d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRQXCOVFWZIIMAZIAAFAVQGZOS7LGHXP/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Endpoint Detection and Response (SEDR)",
"vendor": "Symantec",
"versions": [
{
"status": "affected",
"version": "Prior to 4.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-14T03:06:04.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/us/en/article.SYMSA1502.html"
},
{
"name": "FEDORA-2020-4a3ff78ba5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQTOWEDFXDTGTD6D4NHRB4FUURQSTTEN/"
},
{
"name": "FEDORA-2020-acd8cdb08d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRQXCOVFWZIIMAZIAAFAVQGZOS7LGHXP/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2019-19547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Endpoint Detection and Response (SEDR)",
"version": {
"version_data": [
{
"version_value": "Prior to 4.3.0"
}
]
}
}
]
},
"vendor_name": "Symantec"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/us/en/article.SYMSA1502.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/us/en/article.SYMSA1502.html"
},
{
"name": "FEDORA-2020-4a3ff78ba5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQTOWEDFXDTGTD6D4NHRB4FUURQSTTEN/"
},
{
"name": "FEDORA-2020-acd8cdb08d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRQXCOVFWZIIMAZIAAFAVQGZOS7LGHXP/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2019-19547",
"datePublished": "2020-01-13T15:10:46.000Z",
"dateReserved": "2019-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:16:48.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}