Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-8801

Summary
Assigner-symantec
Assigner Org ID-80d3bcb6-88de-48c2-a47e-aebf795f19b5
Published At-30 Jun, 2016 | 23:00
Updated At-06 Aug, 2024 | 08:29
Rejected At-
Credits

Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:symantec
Assigner Org ID:80d3bcb6-88de-48c2-a47e-aebf795f19b5
Published At:30 Jun, 2016 | 23:00
Updated At:06 Aug, 2024 | 08:29
Rejected At:
▼CVE Numbering Authority (CNA)

Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01
x_refsource_CONFIRM
http://www.securitytracker.com/id/1036196
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/91446
vdb-entry
x_refsource_BID
Hyperlink: https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1036196
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/91446
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id/1036196
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/91446
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1036196
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/91446
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@symantec.com
Published At:30 Jun, 2016 | 23:59
Updated At:12 Apr, 2025 | 10:46

Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.02.9LOW
CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Primary2.03.3LOW
AV:L/AC:M/Au:N/C:P/I:P/A:N
Type: Primary
Version: 3.0
Base score: 2.9
Base severity: LOW
Vector:
CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Type: Primary
Version: 2.0
Base score: 3.3
Base severity: LOW
Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:N
CPE Matches
Symantec Corporation
symantec
>>endpoint_protection_manager>>Versions up to 12.1.6(inclusive)
cpe:2.3:a:symantec:endpoint_protection_manager:*:mp4:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-254Primarynvd@nist.gov
CWE-284Primarynvd@nist.gov
CWE ID: CWE-254
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-284
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/91446secure@symantec.com
N/A
http://www.securitytracker.com/id/1036196secure@symantec.com
N/A
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01secure@symantec.com
Vendor Advisory
http://www.securityfocus.com/bid/91446af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1036196af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/91446
Source: secure@symantec.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1036196
Source: secure@symantec.com
Resource: N/A
Hyperlink: https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01
Source: secure@symantec.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/91446
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1036196
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2016-6591
Matching Score-8
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-8
Assigner-Symantec - A Division of Broadcom
CVSS Score-7.1||HIGH
EPSS-0.07% / 22.23%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 15:23
Updated-06 Aug, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions.

Action-Not Available
Vendor-Symantec Corporation
Product-norton_app_lockNorton App Lock
CWE ID-CWE-863
Incorrect Authorization
CVE-2016-5506
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-3.1||LOW
EPSS-0.11% / 30.67%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware allows local users to affect confidentiality and integrity via vectors related to App Server.

Action-Not Available
Vendor-n/aOracle Corporation
Product-identity_managern/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-5604
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-6.3||MEDIUM
EPSS-0.15% / 36.84%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-3563.

Action-Not Available
Vendor-n/aOracle Corporation
Product-enterprise_manager_base_platformn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-5601
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-6.3||MEDIUM
EPSS-0.15% / 36.84%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows local users to affect confidentiality and integrity via vectors related to CIE Related Components.

Action-Not Available
Vendor-n/aOracle Corporation
Product-weblogic_servern/a
CWE ID-CWE-284
Improper Access Control
Details not found