XML External Entity Vulnerability in Symantec Endpoint Protection and Protection Center
CVE-2013-5014

Currently unrated

Key Information:

Vendor

Symantec
Status
Protection Center
Endpoint Protection Manager
Vendor
CVE Published:
14 February 2014

What is CVE-2013-5014?

The management console in Symantec Endpoint Protection Manager versions earlier than 11.0.7405.1424 and 12.1 versions before 12.1.4023.4080, as well as in Symantec Protection Center Small Business Edition versions prior to 12.1.4023.4080, is susceptible to XML External Entity (XXE) attacks. This flaw enables remote attackers to exploit the management console, allowing them to read arbitrary files on the server. The vulnerability arises from processing XML data that includes an external entity declaration along with an entity reference.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.symantec.com/security_response/securityupdates...
x_refsource_CONFIRM
https://www.sec-consult.com/fxdata/seccons/prod/temedia/a...
x_refsource_MISC
http://www.exploit-db.com/exploits/31853
exploitx_refsource_EXPLOIT-DB

EPSS Score

86% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.