Sql injection

2014-02-1413:10:00

PRIOn knowledge base

www.prio-n.com

8.3 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.4%

JSON

SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CPENameOperatorVersion
endpoint_protection_managereq11.0
endpoint_protection_managereq12.1.0
endpoint_protection_managereq12.1.1
endpoint_protection_managereq12.1.3
endpoint_protection_managereq12.1.2
protection_centereq12.0

Name	Operator	Version
endpoint_protection_manager	eq	11.0
endpoint_protection_manager	eq	12.1.0
endpoint_protection_manager	eq	12.1.1
endpoint_protection_manager	eq	12.1.3
endpoint_protection_manager	eq	12.1.2
protection_center	eq	12.0

References

osvdb.org/103306

www.securityfocus.com/bid/65467

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140213_00

www.exploit-db.com/exploits/31853

www.exploit-db.com/exploits/31917

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140218-0_Symantec_Endpoint_Protection_Multiple_critical_vulnerabilities_wo_poc_v10.txt