![]() ![]() ![]() ![]() more committed to relying on the latest class of endpoint protection products.Ī remote attacker can send a specially crafted request to the application and execute arbitrary code on the target system. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. Apache 2.4.48.694 used in current builds of Symantec Endpoint Protection Manager may appear in basic vulnerability audit reports for CVE-2021-40438 because the audit tool in use did no fully validate the Symantec Endpoint Protection Manager loaded modules or nf settings file and erroneously flagged the device. Panda Security, Sentinel One, Sophos, Symantec, and Trend Micro. Note, we are aware of attackers exploiting the vulnerability in the wild.Ĭybersecurity Help is currently unaware of any official solution to address this vulnerability. Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to. Symantec Endpoint Protection Manager: 14.3 - 14.3 RU1 MP1 Sophos Endpoint protection (Intercept X Endpoint, Intercept X for Server) does not use Log4j. On December 9th, an acute remote code execution (RCE) vulnerability was reported in the Apache logging package Log4j 2 versions 2.14.1 and below (CVE-2021-44228). Sophos performed host forensics and log analysis in the Sophos Email environment and determined that the vulnerability was not successfully exploited prior to fixes being deployed. ![]() Cpe:2.3:a:broadcom:symantec_endpoint_protection_manager:14.Apache Log4j is the most popular java logging library with over 400,000 downloads from its GitHub project. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |