PT-2014-2895 · Symantec · Symantec Protection Center Small Business Edition+1
Stefan Viehbock
·
Publicado
2014-02-14
·
Atualizado
2014-03-26
·
CVE-2013-5014
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Symantec Endpoint Protection Manager versions 11.0 through 11.0.7405.1424
Symantec Endpoint Protection Manager versions 12.1 through 12.1.4023.4080
Symantec Protection Center Small Business Edition versions 12.x through 12.1.4023.4080
Description
The issue allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. This occurs in the management console of the affected software.
Recommendations
For Symantec Endpoint Protection Manager versions 11.0 through 11.0.7405.1424, update to version 11.0.7405.1424 or later.
For Symantec Endpoint Protection Manager versions 12.1 through 12.1.4023.4080, update to version 12.1.4023.4080 or later.
For Symantec Protection Center Small Business Edition versions 12.x through 12.1.4023.4080, update to version 12.1.4023.4080 or later.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Symantec Endpoint Protection Manager
Symantec Protection Center Small Business Edition