Is Symantec Endpoint Protection Manager vulnerable to CVE-2023-38709, CVE-2024-24795, CVE-2024-27316 and CVE-2024-38709

search cancel

Is Symantec Endpoint Protection Manager vulnerable to CVE-2023-38709, CVE-2024-24795, CVE-2024-27316 and CVE-2024-38709

book

Article ID: 281878

calendar_today

Updated On: 04-17-2024

Products

Endpoint Protection

Issue/Introduction

Is Symantec Endpoint Protection Manager (SEPM) vulnerable to CVE-2023-38709, CVE-2024-24795 CVE-2024-27316 and CVE-2024-38709

Resolution

The SEPM is not impacted by the following CVEs:

CVE-2023-38709 - Requires backend content generators to be injected with malicious content. The SEPM does not load untrusted sources, the CVE cannot be triggered.

CVE-2024-24795 - Requires backend content generators to be injected with malicious content. The SEPM does not load untrusted sources, the CVE cannot be triggered.

CVE-2024-27316 and CVE-2024-38709 - SEP/SEPM does not enable/use HTTP/2.

Feedback

thumb_up Yes

thumb_down No