Stefan Viehbock

**Name of the Vulnerable Software and Affected Versions** Symantec Endpoint Protection Manager versions 11.0 through 11.0.7405.1424 Symantec Endpoint Protection Manager versions 12.1 through 12.1.4023.4080 Symantec Protection Center Small Business Edition versions 12.x through 12.1.4023.4080 **Description** The issue allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. This occurs in the management console of the affected software. **Recommendations** For Symantec Endpoint Protection Manager versions 11.0 through 11.0.7405.1424, update to version 11.0.7405.1424 or later. For Symantec Endpoint Protection Manager versions 12.1 through 12.1.4023.4080, update to version 12.1.4023.4080 or later. For Symantec Protection Center Small Business Edition versions 12.x through 12.1.4023.4080, update to version 12.1.4023.4080 or later.