PT-2014-2896 · Symantec · Symantec Protection Center Small Business Edition+1
Publicado
2014-02-14
·
Atualizado
2015-07-30
·
CVE-2013-5015
CVSS v2.0
6.5
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Symantec Endpoint Protection Manager versions 11.0 through 11.0.7405.1424
Symantec Endpoint Protection Manager versions 12.1 through 12.1.4023.4080
Symantec Protection Center Small Business Edition versions 12.x through 12.1.4023.4080
Description
The issue allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, which can be exploited through the management console.
Recommendations
For Symantec Endpoint Protection Manager versions 11.0 through 11.0.7405.1424, update to version 11.0.7405.1424 or later.
For Symantec Endpoint Protection Manager versions 12.1 through 12.1.4023.4080, update to version 12.1.4023.4080 or later.
For Symantec Protection Center Small Business Edition versions 12.x through 12.1.4023.4080, update to version 12.1.4023.4080 or later.
Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Symantec Endpoint Protection Manager
Symantec Protection Center Small Business Edition