Symantec Endpoint Protection Manager Remote Code Execution Vulnerability

Last Update Date: 19 Feb 2014 11:23 Release Date: 19 Feb 2014 4191 Views

RISK: High Risk

High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

A vulnerability has been identified in Symantec Endpoint Protection Manager, which could be exploited by malicious users to execute arbitrary code.

 

The management console for Symantec Endpoint Protection Manager does not properly handle external XML data, which could potentially allow unauthorized access to restricted server-side data and console management functionality.

 

The management console for Symantec Endpoint Protection Manager does not sufficiently sanitize local queries made against the backend database which could lead an authorized but malicious user to attempt further compromise of the application.

Impact

  • Remote Code Execution

System / Technologies affected

  • Symantec Endpoint Protection Manager version 11.0
  • Symantec Endpoint Protection Manager version 12.1
  • Symantec Center Small Business Edition version 12.0

Solutions

  • Update to SEPM 11.0 RU7-MP4a (11.0.7405.1424) or later
  • Update to SEPM 12.1 RU4a (12.1.4023.4080) or later
  • Update to SEPM 12.1 RU4a SBE (12.1.4023.4080) or later

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft MSXML Information Disclosure Vulnerability

12 Feb 2014 4104 Views

Next

FFmpeg Multiple Vulnerabilities

19 Feb 2014 3955 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY