CVE-2016-5304
MEDIUM
Symantec Endpoint Protection Manager < 12.1.6 - Open Redirect
Title source: ruleDescription
Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by hyp3rlinx · text · webapps · php
https://www.exploit-db.com/exploits/40041
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036196
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/91447
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/40041/
Scores
CVSS v3
6.8
EPSS
0.0715
EPSS Percentile
91.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Details
Status
published
Products (1)
symantec/endpoint_protection_manager
< 12.1.6
Published
Jun 30, 2016
Tracked Since
Feb 18, 2026