Posted by Markus Wulftange on Aug 01

Code White found several vulnerabilities in Symantec Endpoint Protection
(SEP), affecting versions 12.1 prior to 12.1 RU6 MP1.

SEP Manager (SEPM):

* CVE-2015-1486: Authentication Bypass
* CVE-2015-1487: Arbitrary File Write
* CVE-2015-1488: Arbitrary File Read
* CVE-2015-1489: Privilege Escalation
* CVE-2015-1490: Path Traversal
* CVE-2015-1491: SQL Injection

SEP clients:

* CVE-2015-1492: Binary Planting

Official Symantec advisory SYM15-007:…