Test Kennung:	1.3.6.1.4.1.25623.1.0.804513
Kategorie:	Web application abuses
Titel:	Symantec Endpoint Protection Manager XXE and SQL Injection Vulnerabilities
Zusammenfassung:	The host is installed with Symantec Endpoint Protection Manager and is prone; to XXE and SQL injection vulnerabilities.
Beschreibung:	Summary: The host is installed with Symantec Endpoint Protection Manager and is prone to XXE and SQL injection vulnerabilities. Vulnerability Insight: Flaw is due to an error when handling XML data within the servlet/ConsoleServlet. Vulnerability Impact: Successful exploitation will allow attackers to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service). Affected Software/OS: Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080 Solution: Upgrade Symantec Endpoint Protection Manager to version 11.0.7405.1424 or 12.1.4023.4080 or later, and Symantec Protection Center Small Business Edition to version 12.1.4023.4080 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	BugTraq ID: 65466 BugTraq ID: 65467 Common Vulnerability Exposure (CVE) ID: CVE-2013-5014 http://www.securityfocus.com/bid/65466 http://www.exploit-db.com/exploits/31853 http://www.exploit-db.com/exploits/31917 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140218-0_Symantec_Endpoint_Protection_Multiple_critical_vulnerabilities_wo_poc_v10.txt Common Vulnerability Exposure (CVE) ID: CVE-2013-5015 http://www.securityfocus.com/bid/65467 http://osvdb.org/103306
Copyright	Copyright (C) 2014 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.