← Back

CVE-2018-18367

nvd nist
Published: Apr 25, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.

Affected (32)

Symantec
1 product
Endpoint Protection Manager
Configuration A
32 vulnerable
Vulnerable SoftwareAffected Versions
Symantec
Endpoint Protection Manager
Version 12.1 rtm
Endpoint Protection Manager
Version 12.1 ru1-mp1
Endpoint Protection Manager
Version 12.1 ru1
Endpoint Protection Manager
Version 12.1 ru2-mp1
Endpoint Protection Manager
Version 12.1 ru2
Endpoint Protection Manager
Version 12.1 ru3
Endpoint Protection Manager
Version 12.1 ru4-mp1
Endpoint Protection Manager
Version 12.1 ru4-mp1a
Endpoint Protection Manager
Version 12.1 ru4-mp1b
Endpoint Protection Manager
Version 12.1 ru4
Endpoint Protection Manager
Version 12.1 ru4a
Endpoint Protection Manager
Version 12.1 ru5
Endpoint Protection Manager
Version 12.1 ru6-mp1
Endpoint Protection Manager
Version 12.1 ru6-mp1a
Endpoint Protection Manager
Version 12.1 ru6-mp2
Endpoint Protection Manager
Version 12.1 ru6-mp3
Endpoint Protection Manager
Version 12.1 ru6-mp4
Endpoint Protection Manager
Version 12.1 ru6-mp5
Endpoint Protection Manager
Version 12.1 ru6-mp6
Endpoint Protection Manager
Version 12.1 ru6-mp7
Endpoint Protection Manager
Version 12.1 ru6-mp8
Endpoint Protection Manager
Version 12.1 ru6-mp9
Endpoint Protection Manager
Version 12.1 ru6
Endpoint Protection Manager
Version 14.0.1
Endpoint Protection Manager
Version 14.0.1 mp1
Endpoint Protection Manager
Version 14.0.1 mp2
Endpoint Protection Manager
Version 14.1
Endpoint Protection Manager
Version 14.2
Endpoint Protection Manager
Version 14.2 mp1
Endpoint Protection Manager
Version 14
Endpoint Protection Manager
Version 14 mp1
Endpoint Protection Manager
Version 14 mp2

Related CWEs

CWE-426
Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (4)

Source: secure@symantec.com
Third Party AdvisoryVDB Entry
Source: secure@symantec.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.