Lucene search

[email protected]CVE-2014-9229

HistorySep 20, 2015 - 8:59 p.m.

CVE-2014-9229

2015-09-2020:59:02

CWE-89

[email protected]

web.nvd.nist.gov

cve-2014-9229

sql injection

symantec endpoint protection

sep

remote code execution

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.4%

JSON

Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role.

Affected configurations

NVD

Node

symantecendpoint_protectionRange≤12.1.5

CPENameOperatorVersion
symantec:endpoint_protectionsymantec endpoint protectionle12.1.5

CPE	Name	Operator	Version
symantec:endpoint_protection	symantec endpoint protection	le	12.1.5

References

www.securityfocus.com/bid/75204

www.securitytracker.com/id/1032616

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150617_00

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.4%

JSON

Related for CVE-2014-9229

cvelist1 prion1 nvd1 nessus1 symantec1 openvas1