The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Symantec Endpoint Encryption

vulnerability bulletin CVE-2019-9702 CVE-2019-9703

Symantec Endpoint Encryption, Symantec Encryption Desktop: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of Symantec Endpoint Encryption or Symantec Encryption Desktop, in order to escalate his privileges.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 01/07/2019.
Identifiers: CVE-2019-9702, CVE-2019-9703, SYMSA1485, VIGILANCE-VUL-29663.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions of Symantec Endpoint Encryption or Symantec Encryption Desktop, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2019-9694

Symantec Endpoint Encryption: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of Symantec Endpoint Encryption, in order to escalate his privileges.
Severity: 2/4.
Creation date: 09/04/2019.
Identifiers: CVE-2019-9694, SYMSA1478, VIGILANCE-VUL-28978.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions of Symantec Endpoint Encryption, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

weakness announce 24640

Symantec Encryption Desktop, Endpoint Encryption: privilege escalation via NTFS Hard Disk

Synthesis of the vulnerability

An attacker can bypass restrictions via NTFS Hard Disk of Symantec Encryption Desktop, Endpoint Encryption, in order to escalate his privileges.
Severity: 2/4.
Creation date: 04/12/2017.
Identifiers: VIGILANCE-VUL-24640.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via NTFS Hard Disk of Symantec Encryption Desktop, Endpoint Encryption, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-15525 CVE-2017-15526

Symantec Endpoint Encryption: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Symantec Endpoint Encryption.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/11/2017.
Identifiers: CVE-2017-15525, CVE-2017-15526, SYM17-012, VIGILANCE-VUL-24424.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Symantec Endpoint Encryption.
Full Vigil@nce bulletin... (Free trial)

cybersecurity announce CVE-2017-13675 CVE-2017-13683

Symantec Endpoint Encryption: denial of service

Synthesis of the vulnerability

An attacker can generate a fatal error of Symantec Endpoint Encryption, in order to trigger a denial of service.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/10/2017.
Identifiers: CVE-2017-13675, CVE-2017-13683, SYM17-010, VIGILANCE-VUL-24066.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error of Symantec Endpoint Encryption, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

threat bulletin CVE-2015-8156

Symantec Endpoint Encryption: privilege escalation via EEDService

Synthesis of the vulnerability

A local attacker can put a malicious DLL in the path of EEDService of Symantec Endpoint Encryption, in order to escalate his privileges.
Severity: 2/4.
Creation date: 09/05/2016.
Identifiers: BID-90050, CVE-2015-8156, SYM16-006, VIGILANCE-VUL-19563.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Symantec Endpoint Encryption product installs the EEDService service.

However, the access path to a DLL is not quoted.

A local attacker can therefore put a malicious DLL in the path of EEDService of Symantec Endpoint Encryption, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

cybersecurity weakness CVE-2015-6556

Symantec Endpoint Encryption: information disclosure via Client Memory Dump

Synthesis of the vulnerability

A local attacker can force a Memory Dump of Symantec Endpoint Encryption, in order to obtain sensitive information, to access to SEE Management Server.
Severity: 1/4.
Creation date: 15/12/2015.
Identifiers: BID-78803, CVE-2015-6556, SYM15-012, VIGILANCE-VUL-18523.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Symantec Endpoint Encryption product is installed on client computers, and stores the password to access to SEEMS (SEE Management Server).

However, an attacker can dump the process memory, and read this credentials.

A local attacker can therefore force a Memory Dump of Symantec Endpoint Encryption, in order to obtain sensitive information, to access to SEE Management Server.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Symantec Endpoint Encryption: