CVE-2016-5304

Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
symantecCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
symantecendpoint_protection_manager
𝑥
≤ 12.1.6
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/91447
http://www.securitytracker.com/id/1036196
https://www.exploit-db.com/exploits/40041/
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01
http://www.securityfocus.com/bid/91447
http://www.securitytracker.com/id/1036196
https://www.exploit-db.com/exploits/40041/
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01