Symantec Endpoint Protection Manager本地SQL注入漏洞(CVE-2013-5015)

2014-02-19T00:00:00
ID SSV:61477
Type seebug
Reporter Root
Modified 2014-02-19T00:00:00

Description

BUGTRAQ ID: 65467 CVE(CAN) ID: CVE-2013-5015

Symantec Endpoint Protection (SEP)是反病毒和防火墙产品。

Symantec Endpoint Protection Manager 11.0、Symantec Endpoint Protection Center Small Business Edition 12.0、Symantec Endpoint Protection Manager 12.1版本没有有效过滤数据库的本地请求,恶意本地用户可利用此漏洞注入任意SQL数据库查询。 0 Symantec Web Gateway < 5.2 厂商补丁:

Symantec

Symantec已经为此发布了一个安全公告(SYM14-004)以及相应补丁: SYM14-004:Security Advisories Relating to Symantec Products - Symantec Endpoint Protection Manager Vulnerabilities 链接:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=secu