CVE-2010-0114

Name of the Vulnerable Software and Affected Versions Symantec Endpoint Protection versions 11.x through 11 RU6 MP1

Description The issue allows remote attackers to bypass intended restrictions on report generation, overwrite arbitrary PHP scripts, and execute arbitrary code via a crafted request. This is related to the fw charts.php file in the reporting module of the Manager component.

Recommendations For Symantec Endpoint Protection versions 11.x through 11 RU6 MP1, update to version 11 RU6 MP2 or later to resolve the issue. As a temporary workaround, consider restricting access to the fw charts.php file in the reporting module to minimize the risk of exploitation.