Vulnerabilities related to symantec - data_loss_prevention
CVE-2011-0548 (GCVE-0-2011-0548)
Vulnerability from cvelistv5
Published
2011-07-18 22:00
Modified
2024-08-06 21:58
CWE
- n/a
Summary
Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file. NOTE: this may overlap CVE-2011-1217.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:58:25.968Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "44779", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44779" }, { "name": "1025595", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025595" }, { "name": "1025594", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025594" }, { "name": "1025596", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025596" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110531_00" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-05-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file. NOTE: this may overlap CVE-2011-1217." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-02-07T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "44779", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44779" }, { "name": "1025595", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025595" }, { "name": "1025594", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025594" }, { "name": "1025596", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025596" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110531_00" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-0548", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file. NOTE: this may overlap CVE-2011-1217." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "44779", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44779" }, { "name": "1025595", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025595" }, { "name": "1025594", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025594" }, { "name": "1025596", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025596" }, { "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110531_00", "refsource": "CONFIRM", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110531_00" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-0548", "datePublished": "2011-07-18T22:00:00", "dateReserved": "2011-01-20T00:00:00", "dateUpdated": "2024-08-06T21:58:25.968Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-9701 (GCVE-0-2019-9701)
Vulnerability from cvelistv5
Published
2019-06-19 15:55
Modified
2024-08-04 21:54
CWE
- Cross-site Scripting
Summary
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
References
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Data Loss Prevention | Prior to and including DLP 15.5 MP1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:54:45.334Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.symantec.com/us/en/article.SYMSA1484.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/153512/Symantec-DLP-15.5-MP1-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Data Loss Prevention", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Prior to and including DLP 15.5 MP1" } ] } ], "descriptions": [ { "lang": "en", "value": "DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-03T19:06:06", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.symantec.com/us/en/article.SYMSA1484.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/153512/Symantec-DLP-15.5-MP1-Cross-Site-Scripting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@symantec.com", "ID": "CVE-2019-9701", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Data Loss Prevention", "version": { "version_data": [ { "version_value": "Prior to and including DLP 15.5 MP1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.symantec.com/us/en/article.SYMSA1484.html", "refsource": "MISC", "url": "https://support.symantec.com/us/en/article.SYMSA1484.html" }, { "name": "http://packetstormsecurity.com/files/153512/Symantec-DLP-15.5-MP1-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153512/Symantec-DLP-15.5-MP1-Cross-Site-Scripting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2019-9701", "datePublished": "2019-06-19T15:55:27", "dateReserved": "2019-03-11T00:00:00", "dateUpdated": "2024-08-04T21:54:45.334Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-1485 (GCVE-0-2015-1485)
Vulnerability from cvelistv5
Published
2015-06-28 19:00
Modified
2024-08-06 04:47
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:47:17.370Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1032710", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032710" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150622_00" }, { "name": "75289", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/75289" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-06-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-21T09:57:01", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec" }, "references": [ { "name": "1032710", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032710" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150622_00" }, { "name": "75289", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/75289" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@symantec.com", "ID": "CVE-2015-1485", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1032710", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032710" }, { "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150622_00", "refsource": "CONFIRM", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150622_00" }, { "name": "75289", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75289" } ] } } } }, "cveMetadata": { "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2015-1485", "datePublished": "2015-06-28T19:00:00", "dateReserved": "2015-02-05T00:00:00", "dateUpdated": "2024-08-06T04:47:17.370Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-9230 (GCVE-0-2014-9230)
Vulnerability from cvelistv5
Published
2015-06-28 19:00
Modified
2024-08-06 13:40
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:40:24.533Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "75288", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/75288" }, { "name": "1032710", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032710" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150622_00" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-06-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-21T09:57:01", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec" }, "references": [ { "name": "75288", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/75288" }, { "name": "1032710", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032710" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150622_00" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@symantec.com", "ID": "CVE-2014-9230", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "75288", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75288" }, { "name": "1032710", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032710" }, { "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150622_00", "refsource": "CONFIRM", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150622_00" } ] } } } }, "cveMetadata": { "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2014-9230", "datePublished": "2015-06-28T19:00:00", "dateReserved": "2014-12-03T00:00:00", "dateUpdated": "2024-08-06T13:40:24.533Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-9701
Vulnerability from fkie_nvd
Published
2019-06-19 16:15
Modified
2024-11-21 04:52
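Severity: MEDIUM (CVSS v3.0 base score 4.8, CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N); LOW under CVSS v2 (base score 3.5, AV:N/AC:M/Au:S/C:N/I:P/A:N). Source: nvd@nist.gov.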
Summary
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
References
Impacted products
Vendor | Product | Version | Update |
---|---|---|---|
symantec | data_loss_prevention | 14.0 | |
symantec | data_loss_prevention | 14.0.1 | |
symantec | data_loss_prevention | 14.0.2 | |
symantec | data_loss_prevention | 14.5 | |
symantec | data_loss_prevention | 14.5 | mp1 |
symantec | data_loss_prevention | 14.6 | |
symantec | data_loss_prevention | 14.6 | mp1 |
symantec | data_loss_prevention | 14.6 | mp2 |
symantec | data_loss_prevention | 14.6 | mp3 |
symantec | data_loss_prevention | 15.0 | |
symantec | data_loss_prevention | 15.0 | mp1 |
symantec | data_loss_prevention | 15.1 | |
symantec | data_loss_prevention | 15.1 | mp1 |
symantec | data_loss_prevention | 15.5 | |
symantec | data_loss_prevention | 15.5 | mp1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "F842F400-93B3-4376-AFCC-C8C9C63896B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:14.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3972E2E8-DA86-4892-883C-65462FB9A190", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:14.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0193904A-0BAA-4660-9327-2F8276FA4D3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:14.5:*:*:*:*:*:*:*", "matchCriteriaId": "D252B8D3-C41D-4D99-AB59-3D6F5E14D829", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:14.5:mp1:*:*:*:*:*:*", "matchCriteriaId": "8A2EAFF5-D676-43FF-97C9-8070D49EF4F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:14.6:*:*:*:*:*:*:*", "matchCriteriaId": "1ECB2955-D76C-48C5-BD82-93CF0D3BDB53", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:14.6:mp1:*:*:*:*:*:*", "matchCriteriaId": "F17CD295-737A-4F45-B938-AE811C4ACDF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:14.6:mp2:*:*:*:*:*:*", "matchCriteriaId": "90E32E87-B5FB-4921-A25C-43D20DF47359", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:14.6:mp3:*:*:*:*:*:*", "matchCriteriaId": "78A62EE3-6605-4D8F-9510-26835CA8C61A", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "79B13E58-8A7D-485E-8EAE-FB253B0DC154", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:15.0:mp1:*:*:*:*:*:*", "matchCriteriaId": "C9209A5C-9CB4-4C24-83D3-466DF0BDDA9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "2C87CECE-4CFE-4398-8017-AE2F838CA4B3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:symantec:data_loss_prevention:15.1:mp1:*:*:*:*:*:*", "matchCriteriaId": "6E20035F-CEFF-489D-92E2-2EA8B3CAA554", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:15.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E19E68C-4B5E-4A1B-BEA6-516D9C84FB5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:15.5:mp1:*:*:*:*:*:*", "matchCriteriaId": "3269E939-1943-44AF-9E60-DF79EB14E9C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy." }, { "lang": "es", "value": "DLP versi\u00f3n 15.5 MP1 y todas las versiones anteriores puede ser susceptible a una vulnerabilidad de tipo cross site scripting (XSS), que es un tipo de problema que puede permitir a los atacantes inyectar scripts del lado del cliente en p\u00e1ginas web visitadas por otros usuarios. Los atacantes pueden usar una vulnerabilidad de tipo cross site scripting para omitir los controles de acceso, tales como la pol\u00edtica del mismo origen." 
} ], "id": "CVE-2019-9701", "lastModified": "2024-11-21T04:52:08.157", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-19T16:15:11.313", "references": [ { "source": "secure@symantec.com", "url": "http://packetstormsecurity.com/files/153512/Symantec-DLP-15.5-MP1-Cross-Site-Scripting.html" }, { "source": "secure@symantec.com", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://support.symantec.com/us/en/article.SYMSA1484.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/153512/Symantec-DLP-15.5-MP1-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://support.symantec.com/us/en/article.SYMSA1484.html" } ], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2015-1485
Vulnerability from fkie_nvd
Published
2015-06-28 19:59
Modified
2025-04-12 10:46
Severity: MEDIUM (CVSS v2 base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P). Source: nvd@nist.gov.
Summary
Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
symantec | data_loss_prevention | * (all versions up to and including 12.5.1) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC727357-5DDA-4255-9DCD-D4885E7A13F0", "versionEndIncluding": "12.5.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators." }, { "lang": "es", "value": "Vulnerabilidad de CSRF en la consola de administraci\u00f3n en Enforce Server en Symantec Data Loss Prevention (DLP) anterior a 12.5.2 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores." } ], "id": "CVE-2015-1485", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-06-28T19:59:03.163", "references": [ { "source": "secure@symantec.com", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/75289" }, { "source": "secure@symantec.com", "url": "http://www.securitytracker.com/id/1032710" }, { "source": "secure@symantec.com", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150622_00" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor 
Advisory" ], "url": "http://www.securityfocus.com/bid/75289" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032710" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150622_00" } ], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2014-9230
Vulnerability from fkie_nvd
Published
2015-06-28 19:59
Modified
2025-04-12 10:46
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N). Source: nvd@nist.gov.
Summary
Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
symantec | data_loss_prevention | * (all versions up to and including 12.5.1) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC727357-5DDA-4255-9DCD-D4885E7A13F0", "versionEndIncluding": "12.5.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de XSS en la consola de administraci\u00f3n en Enforce Server en Symantec Data Loss Prevention (DLP) anterior a 12.5.2 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2014-9230", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-06-28T19:59:00.087", "references": [ { "source": "secure@symantec.com", "url": "http://www.securityfocus.com/bid/75288" }, { "source": "secure@symantec.com", "url": "http://www.securitytracker.com/id/1032710" }, { "source": "secure@symantec.com", "tags": [ "Vendor Advisory" ], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150622_00" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/75288" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032710" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20150622_00" } ], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2011-0548
Vulnerability from fkie_nvd
Published
2011-07-18 22:55
Modified
2025-04-11 00:51
Summary
Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file. NOTE: this may overlap CVE-2011-1217.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:symantec:mail_security:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE8C3973-B0BC-4649-BAE3-2A8E7A43711D", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:mail_security:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "23814C81-4058-4772-99FE-ACF667F3F007", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:mail_security:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D4CCA5D-0586-4453-BEA1-04E8D33853F4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:symantec:brightmail_and_messaging_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7D06A2B-40DA-4F28-85AD-BFF9D21F4AB6", "versionEndIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:brightmail_and_messaging_gateway:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9FC3C1B7-73FC-407A-9EFB-7B25F67F6B74", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:brightmail_and_messaging_gateway:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D70FC5D5-0230-4E06-852B-6F44D3C30956", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:brightmail_and_messaging_gateway:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "7CD7C7F5-B444-4205-95E8-66EEF09C5B57", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:brightmail_and_messaging_gateway:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "00FCAADA-AF2C-4B77-85FD-164977D72854", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:brightmail_and_messaging_gateway:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7B69880-197A-4CDF-8137-FA7265F47899", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:brightmail_and_messaging_gateway:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "D2391478-B933-4D12-83AF-7627B2AA9BF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:brightmail_and_messaging_gateway:9.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8DC9D871-3946-4A9A-9A64-9AB5B3E9632D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:symantec:brightmail_and_messaging_gateway:9.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "109EAF12-19C9-4332-B7E6-D39A85508220", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CB5ECA0-85AC-4DAC-9CBA-35E729D1BB1B", "versionEndIncluding": "10.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "7BDD5F65-FC86-4BAF-8C09-85A2A171CB29", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D816241-534F-4CC9-9D3B-EF7E44655DAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A128389-3A28-45A9-A6A3-C0AB0726EBC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "CFCC69D1-4565-4EBC-AC34-685C24AB3282", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "062A4D59-651B-41A7-B787-33F6970790C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A0DBE01A-3C12-494C-B7E9-0BCD406C74A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "40CF3C33-4C43-4428-908A-7C16C3004EBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:10:*:*:*:*:*:*:*", "matchCriteriaId": "1F542CC1-193B-4503-B106-E0423BF88B07", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "CDD1850A-6FE6-4E0B-A15C-9FBDD7E8A80E", "vulnerable": true }, { "criteria": "cpe:2.3:a:symantec:data_loss_prevention:10.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "11044D7D-313E-4E16-A096-E1B79C02919B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:symantec:data_loss_prevention:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "46F9853C-025D-4C4E-B895-6DBCE65DFE11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file. NOTE: this may overlap CVE-2011-1217." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en Lotus Freelance Graphics PRZ file viewer en Autonomy KeyView, tal como se utiliza en Symantec Mail Security (SMS) v6.x hasta v8.x, Symantec Brightmail y Messaging Gateway antes de v9.5.1, y Symantec Data Loss Prevention (DLP) antes de v10.5.3 y v11.x antes de v11.1, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero .prz manipulado. 
Nota: Esta vulnerabilidad puede solaparse con CVE-2011-1217" } ], "id": "CVE-2011-0548", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-07-18T22:55:00.860", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44779" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1025594" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1025595" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1025596" }, { "source": "cve@mitre.org", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110531_00" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44779" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1025594" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1025595" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1025596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110531_00" } ], "sourceIdentifier": 
"cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }