PT-2014-2896 · Symantec · Symantec Protection Center Small Business Edition+1
Published
2014-02-14
·
Updated
2015-07-30
·
CVE-2013-5015
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Symantec Endpoint Protection Manager versions 11.0 through 11.0.7405.1424
Symantec Endpoint Protection Manager versions 12.1 through 12.1.4023.4080
Symantec Protection Center Small Business Edition versions 12.x through 12.1.4023.4080
Description
The issue allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, which can be exploited through the management console.
Recommendations
For Symantec Endpoint Protection Manager versions 11.0 through 11.0.7405.1424, update to version 11.0.7405.1424 or later.
For Symantec Endpoint Protection Manager versions 12.1 through 12.1.4023.4080, update to version 12.1.4023.4080 or later.
For Symantec Protection Center Small Business Edition versions 12.x through 12.1.4023.4080, update to version 12.1.4023.4080 or later.
Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Symantec Endpoint Protection Manager
Symantec Protection Center Small Business Edition