Security Updates

Security Updates http://www.symantec.com/security_response/securityupdates/list.jsp?fid=security_advisory Security Advisories Relating to Symantec Products en-us Symantec Endpoint Protection Multiple Issues Revision History 5/23/2012 Proof-of-Concept information released publicly for CVE-2012-0289. Clarification on affected product component and versions. Severity CVSS2 Base Score ... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01 Tue, 22 May 2012 11:31:41 PDT Symantec Endpoint Protection Manager 11.x Denial of Service Revision History 5/23/2012 – Added 11.0 RU7(11.0.710x) to affected products Severity Medium CVSS2 Base Score: 4 Impact: 2.86 Exploitability 7.95 CVSS2 Vector AV: AV:N/AC:L/Au:S/... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_00 Tue, 22 May 2012 11:29:32 PDT Symantec Web Gateway Multiple Security Issues Revision History None   Severity CVSS2 Base Score Impact Exploitability CVSS2 Vector Command injection code execution - High 8.33 10.0 6.45 AV:A/AC:L... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00 Thu, 17 May 2012 11:30:47 PDT Altiris WISE Package Studio SQL Injections Revision History None Severity Medium CVSS2 Base Score: 5.82 Impact 6.44, Exploitability 6.45 CVSS2 Vector:  (AV:A/AC:L/Au:N/C:P/I:P/A:P) Overview Symantec’s Altiris W... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120314_00 Wed, 14 Mar 2012 10:36:39 PDT Symantec Enterprise Vault Updates Oracle Outside In Module for Multiple Issues Revision History None Severity Medium CVSS2 Base Score: 4.05 Impact 6.44, Exploitability 2.69 CVSS2 Vector:  AV:L/AC:M/Au:S/C:P/I:P/A:P Exploit Publicly Available:  No... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120305_00 Mon, 5 Mar 2012 12:02:12 PST Symantec pcAnywhere awhost32 Denial of Service Revision History   4/9/2012 – Symantec released the latest version of pcAnywhere: pcAnywhere 12.5 SP4 and pcAnywhere Solution 12.6.7 which included many performance enhanc... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120301_00 Thu, 1 Mar 2012 09:55:18 PST Symantec pcAnywhere Multiple Security Updates  Last Update 2/10/2012   Revision History 1/27/2012 - Added hot fix information for Symantec pcAnywhere versions 12.0.x and 12.1.x if customers are unable to follow the u... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00 Tue, 24 Jan 2012 12:49:40 PST Symantec Endpoint Protection Manager Cross-Site Request Forgery and Cross-Site Scripting Revision History None   Severity Medium CVSS V2: 6 Impact: 6.44  Exploitability 6.83 CVSS V2 Vector AV: AV:N/AC:M/Au:S/C:P/I:P/A:P Overview Symantec Endpoint Protection M... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120116_00 Mon, 16 Jan 2012 12:01:18 PST Symantec Updates Gear Driver for Local Access Denial of Service Revision History 12/9/2011 - Updated advisory to reflect availability of Backup Exec System Recovery 2010 SP4 to address this issue.   Severity Medium CVSS2 Base Score: 4.4 Imp... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20111109_00 Wed, 9 Nov 2011 10:10:28 PST Multi-Vendor Autonomy Verity Keyview Filter Multiple Issues Revision History None Severity Medium to High (based on the CVSS2 scoring below) High CVSS V2 9.33 (for SMSME and SMSDOM, running the Autonomy Verity Keyview Filter in-process or ou... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20111006_00 Thu, 6 Oct 2011 12:21:57 PDT Symantec IM Manager Administrator Console Multiple Issues Revision History None   Severity High   CVSS2 scoring for Code Injection CVSS2 Base Score: 7.6 Impact 9.5, Exploitability 5.5 CVSS2 Vector:  AV:A/AC:M/Au:S/C:P/I:... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110929_00 Thu, 29 Sep 2011 11:48:00 PDT Symantec Enterprise Vault Update for Oracle Outside In Module  Revision History None   Severity High CVSS2 Base Score: 8.31 Impact 8.54, Exploitability 8.58 CVSS2 Vector:  AV:N/AC:M/Au:N/C:P/I:P/A:C Exploit Publicly Avai... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110901_00 Thu, 1 Sep 2011 08:24:19 PDT Symantec Veritas Enterprise Administrator service (vxsvc) buffer overflows     Revision History   None   Severity High CVSS V2 Base Score: 8.33 Impact 10, Exploitability 6.5 CVSS v2 Base Vector: AV:A/AC:L/Au:... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110815_00 Mon, 15 Aug 2011 02:10:56 PDT Symantec Endpoint Protection Manager Cross-Site Request Forgery and Cross-Site Scripting Revision History Altered to suggest users migrate to SEP 12.1 RU1 Severity Medium CVSS V2: 6 Impact: 6.44  Exploitability 6.83 CVSS V2 Vector AV: AV:N/AC:M/Au:S/C:P/I:P/A:P Ove... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110810_00 Wed, 10 Aug 2011 15:33:16 PDT Symantec Web Gateway Blind SQL Injection  Revision History None   Severity Medium CVSS2 Base Score: 5.82 Impact 6.4, Exploitability 6.45 CVSS2 Vector:  AV:A/AC:L/Au:N/C:P/I:P/A:P Exploit Publicly Ava... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110707_00 Thu, 7 Jul 2011 10:55:07 PDT Multi-Vendor Autonomy Verity Keyview PRZ Reader Filter Overflow    Revision History None Severity High to Low (based on the CVSS sequence given below) CVSS V2 9.33 (for products, SMSME and SMSDOM, running Keyview Filter ... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110531_00 Tue, 31 May 2011 09:15:08 PDT Symantec Backup Exec Man-in-The-Middle   Revision History None Severity Medium   CVSS v2 : 6.5 Impact : 10 Exploitability : 2.5 CVSS v2 Vector : (AV: A/AC: H/Au: S/C: C/I: C/A: C) ... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110526_00 Thu, 26 May 2011 08:14:06 PDT Symantec LiveUpdate Administrator Cross-Site Request Forgery     Revision History None   Severity Medium CVSS2 Base Score: 5.39 Impact 6.44, Exploitability 5.54 CVSS2 Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P... http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110321_00 Mon, 21 Mar 2011 12:30:03 PDT Symantec IM Manager Eval() Code Injection None http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110131_00 Mon, 31 Jan 2011 09:49:40 PST Multiple Symantec Intel Alert Management System Arbitrary Message Creation or Denial of Service None http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_01 Wed, 26 Jan 2011 10:06:16 PST