CVE-2014-3439

2014-11-0711:55:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

symantec

endpoint protection manager

sepm

vulnerability

remote attack

file write

cve-2014-3439

nvd

6.6 Medium

AI Score

Confidence

Low

6.1 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

0.009 Low

EPSS

Percentile

82.8%

JSON

ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors.

CPENameOperatorVersion
symantec:endpoint_protection_managersymantec endpoint protection managereq12.1.0
symantec:endpoint_protection_managersymantec endpoint protection managereq12.1.1
symantec:endpoint_protection_managersymantec endpoint protection managereq12.1.3
symantec:endpoint_protection_managersymantec endpoint protection managerle12.1.4
symantec:endpoint_protection_managersymantec endpoint protection managereq12.1.2

CPE	Name	Operator	Version
symantec:endpoint_protection_manager	symantec endpoint protection manager	eq	12.1.0
symantec:endpoint_protection_manager	symantec endpoint protection manager	eq	12.1.1
symantec:endpoint_protection_manager	symantec endpoint protection manager	eq	12.1.3
symantec:endpoint_protection_manager	symantec endpoint protection manager	le	12.1.4
symantec:endpoint_protection_manager	symantec endpoint protection manager	eq	12.1.2